AI Security Review
scanned 17h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli/setup-mcp.js` explicitly invokes AI-tool configuration after agent selection.
- `dist/cli/tui/config-writer.js` writes MCP entries for Codex, Claude, Cursor, VS Code, Gemini, Zed, and Windsurf.
- `dist/plugins/loader.js` dynamically imports user-installed plugins from its configured plugin directory.
- `dist/searxng/docker.js` starts/stops a named Docker SearXNG container on explicit runtime use.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `dist/index.js` dispatches setup, Docker, doctor, and uninstall behavior only from explicit CLI commands.
- `dist/watch/ssrf.js` rejects localhost, cloud-metadata aliases, private IPv4, and private IPv6 targets.
- `dist/extraction/site-extractors/amazon.js` uses invisible-character removal in parsed text; no hidden execution or exfiltration was found.
- No credential harvesting, telemetry/exfiltration endpoint, remote payload execution, or destructive install-time behavior was identified.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/searxng/docker.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/plugins/loader.jsView on unpkg · L84Package source references weak cryptographic algorithms.
dist/search/evidence.jsView on unpkg · L1Source reaches cloud instance metadata or link-local credential endpoints.
dist/watch/ssrf.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/extraction/site-extractors/amazon.jsView on unpkg · L249A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/extraction/site-extractors/amazon.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/doctor.jsView on unpkg · L62