AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are tied to the advertised local LLM proxy/CLI workflow and require explicit runtime commands or configuration.
Decision evidence
public snapshot- dist/cli/commands/start.js can run npm install --production if node_modules is missing, but only during user-invoked antigravity start.
- dist/cli/utils/cert.js can install a local TLS certificate into OS trust stores when start/certs trust is invoked.
- dist/context-injector.js can inject Antigravity tool guidance into proxied model requests when contextStripMode is not passthrough.
- package.json has no install/postinstall hooks; prepublishOnly only runs npm run build.
- bin/cli.js only registers explicit CLI commands; no import-time execution beyond command setup.
- dist/index.js is a local proxy/dashboard for Antigravity requests and forwards to configured LLM providers or Google backend.
- Network endpoints are package-aligned providers: cloudcode-pa.googleapis.com, openrouter.ai, integrate.api.nvidia.com, api.openai.com, api.anthropic.com, api.groq.com, generativelanguage.googleapis.com, opencode.ai.
- No source evidence of credential harvesting, hidden exfiltration, persistence beyond user config, destructive payloads, or reviewer/prompt manipulation aimed at this review.
- Agent context content is operational tool guidance for Antigravity; no instructions to steal secrets or conceal behavior were found.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/cli/utils/port.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/cli/utils/cert.jsView on unpkg · L2This package version adds a dangerous source file absent from the previous stored version.
dist/cli/commands/start.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli/commands/start.jsView on unpkg · L146