AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `you machine restore` copies shared Claude, Codex, Warp, and agent-skill configuration into home directories.
- Restore accepts `~/.agent-shared/agent-config` and writes `~/.claude/mcp.json` plus `~/.codex/config.toml`.
- `you stack daemon install` installs user LaunchAgents that run sync and orchestrator commands.
- LaunchAgent payloads invoke `youmd sync --live --daemon` and `youmd orchestrate watch --once`.
- Networked runtime features target package-aligned `https://you.md` endpoints.
- `postinstall` only prints a TTY-gated banner and performs no writes or network access.
- Agent-config mutation and daemon installation are reachable through explicit CLI subcommands, not install-time hooks.
- Restore documents backups by default and supports `--dry-run`; captured config excludes listed auth files.
- No source evidence of credential exfiltration, remote payload download, eval, or hidden install-time persistence.
Source & flagged code
5 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource writes installer persistence such as shell profile or service configuration.
dist/commands/stack.jsView on unpkg · L44Package ships non-JavaScript build or shell helper files.
scripts/agent-shared-template/bin/sync-agent-shared.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/commands/machine.jsView on unpkg