AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `tribenest clone` or `tribenest pull`; agent capability activates when the user runs `tribenest mcp`.
Impact
A fetched project can influence coding-agent instructions and dependency installation within the user-selected checkout; no unconsented install-time mutation is present.
Mechanism
User-invoked remote project scaffolding plus MCP configuration.
Rationale
The package contains no automatic install hook or concrete malicious chain. Its explicit commands modify agent-control files and install remotely sourced project dependencies, so the policy calls for a warning rather than a clean or block verdict.
Evidence
package.jsondist/index.jsREADME.md~/.tribenest/config.json<selected-project>/.env<selected-project>/tribenest.json<selected-project>/CLAUDE.md<selected-project>/AGENTS.md<selected-project>/.mcp.json
Network endpoints3
api.tribenest.coadmin.tribenest.co127.0.0.1
Decision evidence
public snapshotAI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `clone`/`pull` write `CLAUDE.md`, `AGENTS.md`, and `.mcp.json` into the selected project.
- Generated agent instructions include server-supplied `context.guidanceRules`.
- `clone` runs `npm install` on the fetched project after scaffolding it.
- The MCP command exposes authenticated platform actions to a coding agent.
Evidence against
- `package.json` has no install, postinstall, or preinstall lifecycle hook.
- The agent configuration writes occur only after explicit `tribenest clone` or `pull` commands.
- Auth tokens are stored in `~/.tribenest/config.json` with mode 0600.
- Network calls target the declared TribeNest API and use the user-created PAT; no hidden exfiltration path was found.
- No eval, VM execution, obfuscated payload, broad credential harvesting, or destructive behavior was found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
CopyleftLicenseWildcardDependency
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
6 Medium6 Low
MediumNetwork
MediumEnvironment Vars
MediumWildcard Dependency
MediumAi Review Evidence
MediumAi Review Evidence
MediumAi Review Evidence
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License