AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The explicit CLI persists coordination state under `.tower` and can connect to a user-configured remote Tower MCP endpoint.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `tower init`, `claim`, `guard`, or `serve`.
Impact
Creates local coordination state and, when explicitly configured, sends claim data to `TOWER_URL`.
Mechanism
Local agent-work coordination with optional configured MCP transport.
Rationale
Source inspection shows a user-invoked coordination CLI, not install-time or stealth behavior. Its agent configuration and hook references are printed templates only, while network use is explicitly configured.
Evidence
package.jsondist/index.jsdist/commands.jsdist/lib.jsdist/remote.js.tower/policy.yaml.tower/tower.db.tower/claim-id
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no lifecycle scripts; only a user-invoked `tower` bin.
- `dist/index.js` writes only local `.tower` policy, SQLite state, and claim-id files.
- `cmdInit` prints MCP/hook setup text but does not modify `.mcp.json`, agent rules, or Git hooks.
- Remote MCP use requires explicit `TOWER_URL`; only its configured endpoint receives claim metadata and optional bearer token.
- HTTP serving defaults to `127.0.0.1`; non-local access requires `TOWER_TOKEN`.
- No child-process execution, eval/vm, destructive file operations, or credential harvesting found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
HighEntropyStrings
Source & flagged code
1 flagged · loading sourcedist/commands.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = tower-mcp@0.1.1
matchedIdentity = npm:dG93ZXItbWNw:0.1.1
similarity = 0.500
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands.jsView on unpkgFindings
1 High1 Medium3 Low
HighPrevious Version Dangerous Deltadist/commands.js
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings