AI Security Review
scanned 38m ago · by lpm-firewall-ai
No confirmed malicious attack surface. Risky primitives are in a user-invoked local git history viewer that starts a localhost UI and optionally queries GitHub metadata.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User manually runs the ingit executable
Impact
Package-aligned repo inspection and local UI actions; no install-time compromise identified
Mechanism
local git UI server with git/repo operations and optional agent-window focus helpers
Rationale
Direct inspection found a prebuilt, user-invoked local git viewer with native code and agent-session UI helpers, but no lifecycle hook, persistence, credential harvesting, exfiltration, or unconsented AI-agent control-surface mutation. The network and process/file access observed are aligned with the package's local repository viewer functionality.
Evidence
- package.json
- ingit
- libziggit.so
- client/index.html
- client/assets/index-CgrOd-mb.js
Network endpoints (3)
- 127.0.0.1:8488
- ws://127.0.0.1:8488/rpc
- api.github.com
Decision evidence
public snapshot
AI called this Clean at 78.0% confidence as Benign with low false-positive risk.
Evidence for block
- Ships ELF executable ingit and native libziggit.so
- User-invoked ingit starts localhost HTTP/WebSocket server
- ingit can query GitHub API using optional GITHUB_TOKEN for PR/CI metadata
- ingit inspects /proc and .codex/.claude session files to display/focus agent sessions
Evidence against
- package.json has no lifecycle scripts, bin, main, or module entrypoints
- No install-time execution or AI-agent control-surface writes found
- Client bundle is UI code loaded by local server; scanner Unicode hint appears to be normal NBSP/typographic UI text
- GNOME Window Calls extension install is behind an explicit UI action
- Network use is package-aligned: local RPC and GitHub repo metadata
Behavioral surface
- ChildProcess
- Network
- HighEntropyStrings
- Minified
- UrlStrings
Source & flagged code
2 flagged
client/assets/index-CgrOd-mb.js
Line 577: contains invisible/control Unicode U+2060 (word joiner)
`):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
client/assets/index-CgrOd-mb.js · L577

libziggit.so
path = libziggit.so
kind = native_binary
sizeBytes = 217648
magicHex = [redacted]
Medium
Findings
1 Critical · 3 Medium · 2 Low
- Critical: Trojan Source Unicode (client/assets/index-CgrOd-mb.js)
- Medium: Network
- Medium: Ships Native Binary (libziggit.so)
- Medium: Structural Risk Force Deep Review
- Low: High Entropy Strings
- Low: Url Strings