
@ingit/cli-linux-x64@0.1.0-bootstrap.0

ingit prebuilt binary for linux-x64

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Risky primitives are in a user-invoked local git history viewer that starts a localhost UI and optionally queries GitHub metadata.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User manually runs the ingit executable
Impact
Package-aligned repo inspection and local UI actions; no install-time compromise identified
Mechanism
local git UI server with git/repo operations and optional agent-window focus helpers
Rationale
Direct inspection found a prebuilt, user-invoked local git viewer with native code and agent-session UI helpers, but no lifecycle hook, persistence, credential harvesting, exfiltration, or unconsented AI-agent control-surface mutation. The network and process/file access observed are aligned with the package's local repository viewer functionality.
Evidence
package.json · ingit · libziggit.so · client/index.html · client/assets/index-CgrOd-mb.js
Network endpoints (3)
127.0.0.1:8488 · ws://127.0.0.1:8488/rpc · api.github.com

Decision evidence

public snapshot
AI called this Clean at 78.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Ships ELF executable ingit and native libziggit.so
  • User-invoked ingit starts localhost HTTP/WebSocket server
  • ingit can query GitHub API using optional GITHUB_TOKEN for PR/CI metadata
  • ingit inspects /proc and .codex/.claude session files to display/focus agent sessions
Evidence against
  • package.json has no lifecycle scripts, bin, main, or module entrypoints
  • No install-time execution or AI-agent control-surface writes found
  • Client bundle is UI code loaded by local server; scanner Unicode hint appears to be normal NBSP/typographic UI text
  • GNOME Window Calls extension install is behind an explicit UI action
  • Network use is package-aligned: local RPC and GitHub repo metadata
Behavioral surface
Source
ChildProcess · Network
Supply chain
HighEntropyStrings · Minified · UrlStrings
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 413 KB of source, external domains: react.dev, www.w3.org

Source & flagged code

2 flagged
client/assets/index-CgrOd-mb.js
Line 577: contains invisible/control Unicode U+2060 (word joiner)
    ):e}var Es=null,Ds;function Os(){return Es===null&&(Es=new Intl.Segmenter(Ds,{granularity:`word`})),Es}var ks=/\p{Script=Arabic}/u,As=/\p{M}/u,js=/\p{Nd}/u;function Ms(e){return ks.test(e)}function Ns(e){return e>=19968&&e<=40959||e>=13312
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

client/assets/index-CgrOd-mb.js · L577
libziggit.so
path = libziggit.so kind = native_binary sizeBytes = 217648 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

libziggit.so

Findings

1 Critical · 3 Medium · 2 Low
Critical · Trojan Source Unicode · client/assets/index-CgrOd-mb.js
Medium · Network
Medium · Ships Native Binary · libziggit.so
Medium · Structural Risk Force Deep Review
Low · High Entropy Strings
Low · Url Strings