AI Security Review
scanned 3h ago · by lpm-firewall-aiThe runtime can execute operator-configured plugins, MCP subprocesses, and saved scripts under the Talon OS user. No install-time execution, covert payload, or unconsented foreign AI-agent control-surface mutation was established.
Decision evidence
public snapshot- `src/util/config.ts` accepts operator-defined plugin paths and MCP commands.
- `src/core/plugin/loader.ts` dynamically imports configured plugin entrypoints.
- `src/core/plugin/mcp.ts` launches configured MCP command/argument pairs.
- `src/core/scripts/runner.ts` executes saved scripts through local interpreters.
- `src/backend/codex/auth.ts` reads `~/.codex/auth.json` for Codex authentication.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- `bin/talon.js` only starts the explicit Talon CLI.
- `src/util/paths.ts` stores Talon state under `~/.talon`.
- No source write to `.claude`, `.codex`, `.cursor`, or other foreign agent configuration was found.
- Observed network usage is configured frontend/backend functionality, not a covert exfiltration path.
Source & flagged code
4 flagged · loading sourcePackage source references dynamic require/import behavior.
src/core/plugin/registry.tsView on unpkg · L118Package source references weak cryptographic algorithms.
src/core/soul/embedder.tsView on unpkg · L111Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
bin/talon.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
src/frontend/discord/formatting.tsView on unpkg · L74