AI Security Review
scanned 41m ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. The package is a user-invoked local git history viewer with a native binary, local web UI, GitHub status lookups, and optional agent-window focus helpers.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the ingit executable.
Impact
Local repo inspection and user-requested git/window actions; no install-time mutation or exfiltration found.
Mechanism
prebuilt native CLI serving a local git UI
Rationale
Static inspection shows a prebuilt, user-invoked git UI package with no lifecycle hooks and no concrete malicious behavior. The agent-session and GNOME extension features are guarded runtime UI capabilities, not unconsented install-time control-surface mutation.
Evidence
- package.json
- ingit
- libziggit.dylib
- client/index.html
- client/assets/index-CgrOd-mb.js
Network endpoints (3)
- 127.0.0.1:8488
- ws://127.0.0.1:8488/rpc
- api.github.com/repos/{owner}/{repo}/commits/{sha}/pulls
Decision evidence
public snapshot
AI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
- Ships Mach-O executable ingit and native libziggit.dylib, requiring binary trust.
- ingit embeds code that can invoke git actions and local process/window inspection when the CLI app is run.
- ingit reads agent session metadata under .claude/.codex and can trigger GNOME Window Calls install from an in-app button.
Evidence against
- package.json has no lifecycle scripts and no install/import-time execution.
- package.json only includes prebuilt app artifacts: ingit, client, libziggit.dylib.
- Network use found is package-aligned: local HTTP/WebSocket server and GitHub PR/CI API calls using GITHUB_TOKEN when available.
- client/assets/index-CgrOd-mb.js is a bundled React UI; scanner Unicode concern corresponds to UI text/CSS direction handling, not hidden control-flow.
- No evidence of credential harvesting, exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface writes.
Behavioral surface
- ChildProcess
- Network
- HighEntropyStrings
- Minified
- UrlStrings
Source & flagged code
2 flagged
client/assets/index-CgrOd-mb.js
Line 577: contains invisible/control Unicode U+2060 (word joiner)
`):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
client/assets/index-CgrOd-mb.js · L577
libziggit.dylib
path = libziggit.dylib
kind = native_binary
sizeBytes = 23379
magicHex = [redacted]
Medium
Findings
1 Critical · 3 Medium · 2 Low
- Critical · Trojan Source Unicode · client/assets/index-CgrOd-mb.js
- Medium · Network
- Medium · Ships Native Binary · libziggit.dylib
- Medium · Structural Risk Force Deep Review
- Low · High Entropy Strings
- Low · Url Strings