AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs syrax-audit, confirms Husky or autofix, and selects an agent.
Impact
Can persist a project hook or cause an AI CLI to modify project files from remote audit-report prompts.
Mechanism
Explicit user-invoked AI-agent and Git-hook project mutation.
Rationale
Source shows no unconsented lifecycle execution or concrete stealth/exfiltration chain, so blocking is not justified. The explicit agent-control and hook-setup capabilities warrant a warning under the firewall policy.
Evidence
package.jsonbin/index.js.env.husky/pre-commit.husky/pre-pushsyrax-report.json.cursorrules
Network endpoints2
localhost:5173syrax-analyzer.moisesvalero.es/api/web-audit/cli-analyze
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- bin/index.js sends local HTML and optional bearer key to Syrax API.
- Confirmed autofix writes syrax-report.json and .cursorrules.
- Cursor rule directs an AI agent to apply report prompts autonomously.
- Confirmed Claude/Antigravity choices execute shell commands over project code.
- Confirmed Husky setup installs a dependency and writes a Git hook.
Evidence against
- package.json declares no preinstall, install, postinstall, or prepare hook.
- All project mutations require an explicit CLI invocation and interactive confirmation.
- The CLI reads only SYRAX_API_KEY from .env; no broad credential harvesting found.
- Network use is limited to localhost:5173 and the package-aligned Syrax audit endpoint.
- No eval, VM, binary loading, destructive deletion, or hidden persistence found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcebin/index.jsView file
4import path from 'path';
L5: import { execSync } from 'child_process';
L6: import prompts from 'prompts';
High
142launchedProcess = spawn(packageManager, runArgs, {
L143: shell: true,
L144: stdio: 'ignore'
High
279const installCmd =
L280: packageManager === 'pnpm' ? 'pnpm add -D husky' : 'npm install --save-dev husky';
L281: execSync(installCmd, { stdio: 'ignore' });
L282: execSync('npx husky init', { stdio: 'ignore' });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/index.jsView on unpkg · L279Findings
3 High2 Medium3 Low
HighChild Processbin/index.js
HighShellbin/index.js
HighRuntime Package Installbin/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings