AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/cli/setup.ts` `init` writes `toon-memory` MCP entries to several AI-agent config formats.
- The `init` command can create global agent config directories when invoked with `global`.
- Top-level CLI setup runs `npm install @toon-format/toon` if resolution fails.
- `upgrade` explicitly queries npm and globally installs the requested latest package.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Agent configuration mutation is gated behind explicit `init` CLI dispatch.
- MCP server source uses stdio and local `.opencode/memory` storage; no authored HTTP client or exfiltration path found.
- Network use is limited to package-aligned npm-registry downloads and explicit upgrade/install helpers.
- `bin/toon-memory.js` only launches the packaged CLI or MCP server.
Source & flagged code
7 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/toon-memory.jsView on unpkg · L3Package source references a known benign dynamic code generation pattern.
mcp/server.jsView on unpkg · L17095This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/setup.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/setup.jsView on unpkg · L15Package source references dynamic require/import behavior.
dist/cli/setup.jsView on unpkg · L12Package ships non-JavaScript build or shell helper files.
uninstall.shView on unpkg