registry  /  @lcv-ideas-software/cross-review  /  4.5.9

@lcv-ideas-software/cross-review@4.5.9

API-first MCP server for multi-model cross-review with unanimous convergence gates.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network use is the package’s explicit multi-provider review function, and state writes are confined to configured package data paths.

Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs the MCP server or invokes review tools that select a provider.
Impact
Sends user-supplied review content to operator-configured AI providers; writes review state and first-party caller tokens locally.
Mechanism
MCP review orchestration, provider API calls, and local session/token persistence.
Rationale
Direct inspection shows an explicitly invoked MCP multi-model review service with expected provider networking and package-owned local persistence. No install-time execution, credential harvesting/exfiltration path, remote payload execution, destructive behavior, or foreign AI-agent configuration mutation was found.
Evidence
package.jsondist/src/mcp/server.jsdist/src/core/config.jsdist/src/core/caller-tokens.jsdist/src/core/session-store.jsdist/src/dashboard/server.jsdist/src/peers/deepseek.jsdist/src/peers/grok.jsdist/src/peers/perplexity.jsdist/scripts/smoke.jsdata/host-tokens.jsondata/config.json
Network endpoints3
api.deepseek.comapi.perplexity.aiapi.x.ai/v1

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for warning
    Evidence against
    • `package.json` has no preinstall, install, postinstall, or prepare hook.
    • `dist/src/mcp/server.js` starts only under its main-module guard.
    • `dist/src/peers/*.js` uses configured API keys for declared model-provider clients.
    • `dist/src/dashboard/server.js` binds its dashboard to `127.0.0.1`.
    • `dist/src/core/caller-tokens.js` creates package-owned caller tokens with mode `0600`.
    • No fixed credential matched in `dist/scripts/smoke.js`; the hint is test/config-related noise.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 54 file(s), 1.92 MB of source, external domains: 127.0.0.1, ai.google.dev, api-docs.deepseek.com, api.deepseek.com, api.perplexity.ai, api.x.ai, cross-review.lcv.dev, developers.openai.com, docs.anthropic.com, docs.perplexity.ai, docs.x.ai, github.com, platform.claude.com, platform.openai.com, registry.npmjs.org

    Source & flagged code

    4 flagged · loading source
    dist/scripts/smoke.jsView file
    7169patternName = private_key_rsa severity = critical line = 7169 matchedText = const tr...ED`;
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/scripts/smoke.jsView on unpkg · L7169
    7169patternName = private_key_rsa severity = critical line = 7169 matchedText = const tr...ED`;
    Critical
    Secret Pattern

    RSA private key in dist/scripts/smoke.js

    dist/scripts/smoke.jsView on unpkg · L7169
    7171patternName = private_key_rsa severity = critical line = 7171 matchedText = assert.o....");
    Critical
    Secret Pattern

    RSA private key in dist/scripts/smoke.js

    dist/scripts/smoke.jsView on unpkg · L7171
    CHANGELOG.mdView file
    1228patternName = private_key_rsa severity = critical line = 1228 matchedText = `-----BE...hing
    Critical
    Secret Pattern

    RSA private key in CHANGELOG.md

    CHANGELOG.mdView on unpkg · L1228

    Findings

    4 Critical2 Medium4 Low
    CriticalCritical Secretdist/scripts/smoke.js
    CriticalSecret PatternCHANGELOG.md
    CriticalSecret Patterndist/scripts/smoke.js
    CriticalSecret Patterndist/scripts/smoke.js
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings