AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/setup.js` explicitly writes an OpenCode tool and skill into the invoking project.
- The same CLI creates and modifies `.opencode/memory/data.toon`.
- `bin/setup.js` conditionally runs `npm install @toon-format/toon` in the invoking project.
- `bin/mcp.js` invokes `npx tsx` at runtime, though it is not declared as a package bin.
- `package.json` has no preinstall, install, postinstall, or other lifecycle scripts.
- All observed writes are gated behind explicit execution of the `toon-memory` CLI.
- `src/memory.ts` and `src/mcp/server.ts` only read/write project-local memory data.
- No credential harvesting, outbound network client, payload download, or destructive filesystem behavior was found.
- `mcp/server.js` is a bundled local stdio MCP implementation; its `Function` use is dependency validation code.
Source & flagged code
4 flagged · loading sourcePackage source invokes a package manager install command at runtime.
bin/mcp.jsView on unpkg · L10Package source references a known benign dynamic code generation pattern.
mcp/server.jsView on unpkg · L8202This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/setup.jsView on unpkg