AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/bin/cli.cjs` implements `tdm mcp` setup that creates or updates a project `.mcp.json`.
- The CLI `connect` flow also invokes MCP project configuration setup.
- The generated MCP entry launches the bundled `tdm mcp serve` runtime for an MCP client.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- MCP configuration mutation is documented and reached through explicit CLI commands, not package import or installation.
- No clipboard API identifiers, raw `eval`, or `new Function` were found in shipped JS; the clipboard finding is a false positive.
- `dist/gateway-auth.cjs` dynamic `child_process` loading supports local vault/Windows ACL handling, not clipboard replacement.
Source & flagged code
6 flagged · loading sourceSource reads and rewrites clipboard contents matching cryptocurrency wallet addresses.
dist/gateway-auth.cjsView on unpkg · L355Package source references dynamic require/import behavior.
dist/gateway-auth.cjsView on unpkg · L2A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.cjsView on unpkgPackage ships non-JavaScript build or shell helper files.
examples/protocol-first/python_authorize.pyView on unpkgPackage contains source files above the static scanner size ceiling.
dist/bin/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/bin/cli.cjsView on unpkg