AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `syrax-audit` interactively and confirms Husky or Premium autofix options.
Impact
Can modify the current project and cause a selected local AI agent to act on server-provided audit prompts.
Mechanism
Opt-in project-hook and AI-agent automation with remote HTML analysis.
Rationale
No unconsented lifecycle execution or concrete malicious chain is present. The explicit autofix and agent-control behavior warrants a warning because remote audit results can influence local agent actions.
Evidence
package.jsonbin/index.js.envindex.htmldist/index.htmlpublic/index.html.svelte-kit/output/client/index.html.husky/pre-commit.husky/pre-pushsyrax-report.json.cursorrules
Network endpoints2
syrax-analyzer.moisesvalero.es/api/web-audit/cli-analyzelocalhost:5173
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `bin/index.js` uploads audited local HTML and an optional API key to the Syrax API.
- Interactive premium autofix writes `.cursorrules` that directs Cursor to run `npx syrax-audit --ci`.
- User-confirmed autofix invokes Claude Code or Antigravity through `execSync`.
- User-confirmed Husky setup installs Husky and writes a pre-commit or pre-push hook.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- All project mutation paths require interactive opt-in; CI mode skips setup prompts.
- No credential harvesting beyond `SYRAX_API_KEY`, and no unrelated exfiltration endpoint is present.
- No obfuscation, remote payload loading, destructive deletion, or stealth persistence was found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcebin/index.jsView file
4import path from 'path';
L5: import { execSync } from 'child_process';
L6: import prompts from 'prompts';
High
139launchedProcess = spawn(`${packageManager} run dev`, [], {
L140: shell: true,
L141: stdio: 'pipe'
High
322const installCmd =
L323: packageManager === 'pnpm' ? 'pnpm add -D husky' : 'npm install --save-dev husky';
L324: execSync(installCmd, { stdio: 'ignore' });
L325: execSync('npx husky init', { stdio: 'ignore' });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/index.jsView on unpkg · L322Findings
3 High2 Medium3 Low
HighChild Processbin/index.js
HighShellbin/index.js
HighRuntime Package Installbin/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings