AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Run `syrax-audit`; additional mutations require interactive confirmations and Premium autofix/agent selection.
Impact
A user who accepts prompts may expose audited HTML to the service and allow server-provided prompts to influence an external coding agent.
Mechanism
Remote HTML audit plus opt-in project hook and AI-agent configuration/execution.
Rationale
No concrete malicious chain or unconsented lifecycle mutation was found. The explicit AI-agent configuration and external-agent execution are nevertheless a meaningful dangerous capability that warrants a warning.
Evidence
package.jsonbin/index.js.env.husky/pre-commit.husky/pre-pushsyrax-report.json.cursorrulesindex.htmldist/index.htmlpublic/index.html.svelte-kit/output/client/index.html
Network endpoints2
syrax-analyzer.moisesvalero.es/api/web-audit/cli-analyzelocalhost:5173
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `bin/index.js` posts audited local HTML and optional bearer API key to Syrax.
- `bin/index.js` writes `.cursorrules` instructing AI agents to prioritize server-supplied repair prompts.
- Interactive Premium autofix can run Claude Code via `npx` or Antigravity CLI.
- Interactive hook setup installs Husky and writes executable project Git hooks.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- All mutation paths require a user-run CLI plus interactive confirmation/agent selection.
- Network use matches the declared web-audit function and targets a fixed Syrax API by default.
- No obfuscation, payload download, credential harvesting beyond `SYRAX_API_KEY`, or destructive file logic found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
3 flagged · loading sourcebin/index.jsView file
4import path from 'path';
L5: import { execSync } from 'child_process';
L6: import prompts from 'prompts';
High
153launchedProcess = spawn(`${packageManager} run dev`, [], {
L154: shell: true,
L155: stdio: 'pipe'
High
337const installCmd =
L338: packageManager === 'pnpm' ? 'pnpm add -D husky' : 'npm install --save-dev husky';
L339: execSync(installCmd, { stdio: 'ignore' });
L340: execSync('npx husky init', { stdio: 'ignore' });
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
bin/index.jsView on unpkg · L337Findings
3 High2 Medium3 Low
HighChild Processbin/index.js
HighShellbin/index.js
HighRuntime Package Installbin/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings