AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `tracepulse init --claude` or another explicit init client option.
Impact
Can steer or block an AI coding agent's shell workflow until bypassed or removed.
Mechanism
Explicit AI-agent configuration and shell-command gating.
Rationale
Source inspection confirms an explicit-user-command AI-agent configuration capability, not concrete malware behavior. Flag as warn because the installed global rule and hook can alter agent behavior, while installation itself is inert.
Evidence
package.jsondist/cli.jsdist/init-command-QPC4IKM5.jsdist/manifest-registration-4Y6IBOFP.jsskills/claude-hooks/tracepulse-gate.shskills/claude-rules/tracepulse.md~/.claude/rules/tracepulse.md.claude/hooks/tracepulse-gate.sh.claude/mcp.json.kiro/settings/mcp.json.cursor/mcp.json.mcp.json
Network endpoints2
registry.npmjs.org/tracepulse/latest${DASHBOARD_URL}/api/v1/manifests
Decision evidence
public snapshotAI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/init-command-QPC4IKM5.js` writes `~/.claude/rules/tracepulse.md`, described as auto-loaded every session.
- Explicit `tracepulse init --claude` installs a Claude PreToolUse Bash hook that denies test/build/lint commands unless bypassed.
- Explicit init also writes MCP configs and Kiro hooks/prompts in the selected project.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hook; `prepublishOnly` only builds before publishing.
- Agent-control writes are reachable only through the explicit `init` CLI command, not import or installation.
- Network use is limited to an npm update check and optional `DASHBOARD_URL` manifest registration; no credential harvesting or remote code loading found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
CopyleftLicense
Source & flagged code
1 flagged · loading sourcebin/tracepulse.cmdView file
•path = bin/tracepulse.cmd
kind = build_helper
sizeBytes = 143
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
bin/tracepulse.cmdView on unpkgFindings
4 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/tracepulse.cmd
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License