AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/setup.js` runs `npm install @toon-format/toon` when resolution fails.
- Explicit CLI setup writes MCP entries into selected local or global agent config paths.
- Written entries invoke `npx -y toon-memory mcp`, enabling future agent-launched package execution.
- `detectAgents` always includes OpenCode and VS Code/Copilot via `|| true`.
- `package.json` has no preinstall, install, postinstall, or other lifecycle scripts.
- `bin/setup.js` is reached only through the user-invoked `toon-memory` binary and asks for scope.
- `src/mcp/server.ts` only manages `.opencode/memory/data.toon` through stdio MCP tools.
- No authored source contains network client calls, credential harvesting, shell payloads, or remote code loading.
Source & flagged code
5 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/toon-memory.jsView on unpkg · L3Package source references a known benign dynamic code generation pattern.
mcp/server.jsView on unpkg · L17095This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/setup.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/setup.jsView on unpkg · L18