AI Security Review
scanned 12h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- cli.js setup writes Claude Desktop MCP config to run `npx -y tapmarket-connect@latest serve`.
- cli.js setup creates ~/.tapmarket/wallet.json containing ownerKey/sessionApproval and posts wallet address to fund.tappayment.io.
- server.js exposes MCP hire_specialist tool that spends USDC via ZeroDev/Base Sepolia and sends user input to catalog endpoints.
- catalog.js routes user-supplied specialist input to hermes.tappayment.io and scribe.tappayment.io.
- server.js logs hire records to ~/.tapmarket/hires.jsonl.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Claude config mutation is gated behind explicit `tapmarket-connect setup`, not install/import time.
- No child_process, eval/vm/Function, native binary loading, or hidden remote payload execution found.
- Network endpoints are package-aligned payment/faucet/specialist RPC endpoints for the advertised TapMarket connector.
- Wallet keys are generated locally and read locally; inspected code does not exfiltrate ownerKey or sessionApproval.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
server.jsView on unpkg · L19A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkg · L19Tarball package.json differs from the npm registry version manifest for scripts or dependency sets.
package.jsonView on unpkg