AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `xt install` explicitly syncs MCP, Claude hooks, Pi packages, and skills.
- `.xtrm/config/hooks.json` wires hooks across Claude session and tool events.
- `.xtrm/config/claude.mcp.json` adds remote MCP servers and an `npx` server.
- `xtrm-ui` writes a global Pi setting at `~/.pi/agent/settings.json`.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Agent configuration occurs through explicit CLI subcommands with confirmations for Claude wiring.
- Reviewed hooks log locally to `.xtrm/debug.db`; no network exfiltration was found.
- No credential harvesting, covert remote payload loading, or destructive install-time behavior was found.
Source & flagged code
5 flagged · loading sourcePackage source references dynamic require/import behavior.
packages/pi-extensions/extensions/xtrm-ui/index.tsView on unpkg · L203Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.xtrm/hooks/quality-check.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
.xtrm/hooks/quality-check.pyView on unpkgPackage contains source files above the static scanner size ceiling.
cli/dist/index.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
cli/dist/index.cjsView on unpkg