AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `bin/setup.js` explicitly configures seven AI-agent MCP config locations.
- `bin/setup.js` supports global home-directory configuration writes after CLI invocation.
- `bin/setup.js` runs `npm install @toon-format/toon` if resolution fails.
- `bin/setup.js` upgrade command queries npm then globally installs the returned version.
- `install.sh` and `install.ps1` download/install package artifacts and alter user PATH when explicitly run.
- `package.json` has only `prepublishOnly`; no preinstall/install/postinstall hook.
- `bin/toon-memory.js` dispatches setup only after the user runs the CLI.
- Agent-config changes add a visible `toon-memory` MCP entry invoking `npx -y toon-memory mcp`.
- `src/mcp/server.ts` reads and writes only project `.opencode/memory/data.toon`.
- No source evidence of credential harvesting, secret/environment exfiltration, or outbound runtime HTTP requests.
- `mcp/server.js` dynamic Function is bundled AJV validation code, not package-controlled payload execution.
Source & flagged code
6 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/toon-memory.jsView on unpkg · L3Package source references a known benign dynamic code generation pattern.
mcp/server.jsView on unpkg · L17095This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/setup.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/setup.jsView on unpkg · L18Package ships non-JavaScript build or shell helper files.
uninstall.shView on unpkg