AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `dist/cli/setup-mcp.js` invokes config mutation only for explicit `wigolo setup mcp`.
- `dist/cli/tui/config-writer.js` registers `npx -y wigolo` in selected AI-agent MCP configurations.
- `dist/cli/tui/agents.js` targets user AI-agent config paths including Codex, Cursor, VS Code, and Gemini CLI.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- `dist/index.js` dispatches configuration changes only through explicit CLI commands.
- `dist/watch/ssrf.js` blocks localhost, private ranges, link-local addresses, and `metadata.google.internal`.
- `dist/extraction/site-extractors/amazon.js` uses invisible-character removal while parsing scraped text; no Trojan Source control flow was found.
- `dist/searxng/docker.js` manages a fixed local Docker SearXNG container and probes `127.0.0.1`.
- No source path inspected harvested credentials or exfiltrated local files/environment values.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/searxng/docker.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/plugins/loader.jsView on unpkg · L84Package source references weak cryptographic algorithms.
dist/search/evidence.jsView on unpkg · L1Source reaches cloud instance metadata or link-local credential endpoints.
dist/watch/ssrf.jsView on unpkg · L1Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/extraction/site-extractors/amazon.jsView on unpkg · L249A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/extraction/site-extractors/amazon.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/doctor.jsView on unpkg · L62