AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/cli/setup.ts` writes MCP entries for OpenCode, VS Code, Claude, Cursor, Windsurf, Cline, and Continue.
- The default CLI path prompts then configures every supported agent; `init` does the same without prompts.
- `src/cli/setup.ts` invokes npm to install a missing dependency and its explicit `upgrade` command installs the latest package globally.
- `package.json` has only `prepublishOnly`; consumers receive no install lifecycle hook.
- Config mutation occurs only after an explicit CLI invocation, not package install or import.
- `src/mcp/server.ts` uses stdio and local project `.opencode/memory` files; no application network or exfiltration code found.
- `src/bin/toon-memory.ts` only dispatches to the local CLI or MCP server.
Source & flagged code
7 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/toon-memory.jsView on unpkg · L3Package source references a known benign dynamic code generation pattern.
mcp/server.jsView on unpkg · L17095This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/setup.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/setup.jsView on unpkg · L14Package source references dynamic require/import behavior.
dist/cli/setup.jsView on unpkg · L11Package ships non-JavaScript build or shell helper files.
uninstall.shView on unpkg