AI Security Review
scanned 5h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- src/compiler/docs.ts defines optional AI assistant pointer files: CLAUDE.md, AGENTS.md, .cursor/rules/toiljs.mdc, and Copilot instructions.
- src/cli/create.ts scaffolds those helper files by default unless --no-ai or deselected.
- build/compiler/plugin.js exposes dev-only /__toil/ai proxy to configured OpenAI/Anthropic/custom endpoint using env API keys.
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build.
- src/compiler/plugin.ts confines /__toil/open and /__toil/source to project root via realpath and blocks cross-site Sec-Fetch-Site.
- src/cli/create.ts validates project dir stays under cwd and package manager is allowlisted.
- src/cli/proc.ts child_process use runs fixed tool commands for create/update/configure/build workflows.
- src/cli/notify.ts registry fetch is package-aligned update check and honors opt-out env vars.
- No credential harvesting, stealth persistence, destructive behavior, or remote payload execution found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
tests/data-parity/generated-parity.tsView on unpkg · L9Package source references dynamic require/import behavior.
tests/data-parity/generated-parity.tsView on unpkg · L60A single source file combines environment access, network access, and code or shell execution; review context before blocking.
build/compiler/plugin.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
build/compiler/index.jsView on unpkg