AI Security Review
scanned 1d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- Explicit `you stack sync/provision/daemon` commands can write/symlink agent control files under `~/.codex`, `~/.claude`, `.cursorrules`, and LaunchAgents.
- `scripts/agent-shared-template/bin/sync-agent-shared.sh` symlinks AGENTS.md and skills into multiple agent hosts.
- `scripts/env-vault/backup.sh` can package `.env.local` plus agent auth files, though encrypted and user-invoked.
- `package.json` postinstall only requires `dist/postinstall.js`; that file prints an interactive banner and exits in CI/non-TTY.
- No unconsented install-time mutation of AI agent configs found.
- Network use is aligned with You.md CLI features and authenticated APIs.
- Secret-handling scripts state and implement encrypted vault flow; no raw secret exfiltration path confirmed.
- Main/bin entrypoints register CLI commands; risky behavior is behind explicit user commands.
Source & flagged code
4 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/commands/stack.jsView on unpkg · L44Package ships non-JavaScript build or shell helper files.
scripts/agent-shared-template/bin/sync-agent-shared.shView on unpkg