AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/setup.js` runs on explicit CLI invocation and edits multiple AI-agent configs.
- It writes `npx -y toon-memory mcp` into global/local MCP settings.
- `bin/setup.js` runs `npm install @toon-format/toon` if resolution fails.
- `install.sh` can download a tarball and persist a PATH entry when manually piped to shell.
- `package.json` has no preinstall, install, or postinstall hook.
- CLI setup is interactive and requires the user to run `toon-memory`.
- `src/mcp/server.ts` only reads/writes project `.opencode/memory/data.toon`.
- No source network/exfiltration call exists in the MCP server or CLI setup.
- Bundled `mcp/server.js` corresponds to the local memory server source.
Source & flagged code
6 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/toon-memory.jsView on unpkg · L3Package source references a known benign dynamic code generation pattern.
mcp/server.jsView on unpkg · L17095This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/setup.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/setup.jsView on unpkg · L18Package ships non-JavaScript build or shell helper files.
uninstall.shView on unpkg