AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/daemon.js` accepts relay `task_request` messages and starts an `AgentLoop`.
- `src/tools/terminalExec.js` runs supplied shell commands through `child_process.exec`.
- `src/sandbox.js` defaults allowed workspaces to the entire home directory and all tools.
- `src/tools/fsRead.js` can read files; tool results are returned to the configured LLM/relay flow.
- `src/providers/dashscope.js` posts prompts, workspace context, and tool definitions to `https://vanexa-agent-fallback.yourdomain.com/agent` by default.
- `src/pairing.js` persists a six-digit pairing code as the daemon session ID rather than a relay-issued JWT.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- Remote execution requires explicit `pair` then `start`/CLI invocation.
- `src/agentLoop.js` requests approval for dangerous actions in default autonomy mode B.
- No source evidence of covert install-time harvesting, persistence, or destructive payload execution.
Source & flagged code
5 flagged · loading sourcePackage ships high-entropy non-source blobs.
vanexa-agent-1.0.0.tgzView on unpkgPackage ships compressed or archive-like blobs.
vanexa-agent-1.0.0.tgzView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
vanexa-agent-1.0.0.tgzView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/tools/webSearch.jsView on unpkg