AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time or import-time attack behavior is established. Explicit CLI setup modifies project-local agent integration files, and the optional worker can delegate tasks to a local coding-agent runner.
Decision evidence
public snapshot- `dist/index.js` `tower setup` writes `.mcp.json`, `CLAUDE.md`, and optionally Git hooks.
- `dist/worker.js` can run `claude` or `codex exec --full-auto` for delegated tasks when explicitly auto-enabled.
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/index.js` only invokes setup through the explicit `setup` CLI command.
- `dist/worker.js` requires per-task confirmation by default and refuses noninteractive operation without `--auto` or remote approval.
- Task text is passed to the runner on stdin rather than interpolated into shell commands.
- Setup preserves invalid `.mcp.json` and does not overwrite existing Git hooks.
- Remote networking uses operator-supplied `TOWER_URL` and optional `TOWER_TOKEN`; no fixed exfiltration endpoint was found.
Source & flagged code
3 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L2748