AI Security Review
scanned 1h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network use is the package’s explicit multi-provider review function, and state writes are confined to configured package data paths.
Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs the MCP server or invokes review tools that select a provider.
Impact
Sends user-supplied review content to operator-configured AI providers; writes review state and first-party caller tokens locally.
Mechanism
MCP review orchestration, provider API calls, and local session/token persistence.
Rationale
Direct inspection shows an explicitly invoked MCP multi-model review service with expected provider networking and package-owned local persistence. No install-time execution, credential harvesting/exfiltration path, remote payload execution, destructive behavior, or foreign AI-agent configuration mutation was found.
Evidence
package.jsondist/src/mcp/server.jsdist/src/core/config.jsdist/src/core/caller-tokens.jsdist/src/core/session-store.jsdist/src/dashboard/server.jsdist/src/peers/deepseek.jsdist/src/peers/grok.jsdist/src/peers/perplexity.jsdist/scripts/smoke.jsdata/host-tokens.jsondata/config.json
Network endpoints3
api.deepseek.comapi.perplexity.aiapi.x.ai/v1
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for warning
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- `dist/src/mcp/server.js` starts only under its main-module guard.
- `dist/src/peers/*.js` uses configured API keys for declared model-provider clients.
- `dist/src/dashboard/server.js` binds its dashboard to `127.0.0.1`.
- `dist/src/core/caller-tokens.js` creates package-owned caller tokens with mode `0600`.
- No fixed credential matched in `dist/scripts/smoke.js`; the hint is test/config-related noise.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/scripts/smoke.jsView file
7169patternName = private_key_rsa
severity = critical
line = 7169
matchedText = const tr...ED`;
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/scripts/smoke.jsView on unpkg · L71697169patternName = private_key_rsa
severity = critical
line = 7169
matchedText = const tr...ED`;
Critical
7171patternName = private_key_rsa
severity = critical
line = 7171
matchedText = assert.o....");
Critical
CHANGELOG.mdView file
1228patternName = private_key_rsa
severity = critical
line = 1228
matchedText = `-----BE...hing
Critical
Findings
4 Critical2 Medium4 Low
CriticalCritical Secretdist/scripts/smoke.js
CriticalSecret PatternCHANGELOG.md
CriticalSecret Patterndist/scripts/smoke.js
CriticalSecret Patterndist/scripts/smoke.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings