registry  /  @lcv-ideas-software/cross-review  /  4.5.3

@lcv-ideas-software/cross-review@4.5.3

API-first MCP server for multi-model cross-review with unanimous convergence gates.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. On explicit CLI/MCP-server launch, the package creates package-owned capability tokens and persists review state under its configured data directory. It can submit user-supplied review material to configured first-party model-provider APIs. No install-time or foreign control-surface mutation is established.

Static reason
One or more suspicious static signals were detected.
Trigger
User launches `cross-review` or invokes its MCP tools.
Impact
Review content may leave the host through configured provider APIs; local MCP capability-token and session files are created.
Mechanism
MCP multi-model review service with local token/session persistence and provider API requests.
Rationale
Source inspection found no npm lifecycle execution, payload staging, foreign agent-config writes, or arbitrary command execution. The package still creates MCP capability state and transmits review requests to model providers during normal runtime, so a warn is appropriate for this capability-bearing MCP service.
Evidence
package.jsondist/src/mcp/server.jsdist/src/core/caller-tokens.jsdist/src/core/session-store.jsdist/src/observability/logger.jsdist/src/peers/deepseek.js<data_dir>/host-tokens.json<data_dir>/sessions/<data_dir>/logs/
Network endpoints3
api.deepseek.comapi.x.ai/v1api.perplexity.ai

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/src/mcp/server.js` initializes caller tokens when the CLI MCP server starts.
  • `dist/src/core/caller-tokens.js` creates `<data_dir>/host-tokens.json` and supports operator-triggered token rotation.
  • The runtime sends review content to configured model-provider APIs, including DeepSeek, xAI, and Perplexity.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No eval, VM, dynamic payload loader, shell execution, or foreign AI-agent config mutation was found.
  • `caller-tokens.js` uses `spawnSync` only for a time-bounded parent-process snapshot.
  • Session, log, cache, and token writes are scoped to the configured `data_dir`.
  • The scanner's secret hit is in `dist/scripts/smoke.js` test coverage, not an embedded credential.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 45 file(s), 1.48 MB of source, external domains: 127.0.0.1, ai.google.dev, api-docs.deepseek.com, api.deepseek.com, api.perplexity.ai, api.x.ai, cross-review.lcv.dev, developers.openai.com, docs.anthropic.com, docs.perplexity.ai, docs.x.ai, github.com, platform.claude.com, platform.openai.com, registry.npmjs.org

Source & flagged code

4 flagged · loading source
dist/scripts/smoke.jsView file
7141patternName = private_key_rsa severity = critical line = 7141 matchedText = const tr...ED`;
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/scripts/smoke.jsView on unpkg · L7141
7141patternName = private_key_rsa severity = critical line = 7141 matchedText = const tr...ED`;
Critical
Secret Pattern

RSA private key in dist/scripts/smoke.js

dist/scripts/smoke.jsView on unpkg · L7141
7143patternName = private_key_rsa severity = critical line = 7143 matchedText = assert.o....");
Critical
Secret Pattern

RSA private key in dist/scripts/smoke.js

dist/scripts/smoke.jsView on unpkg · L7143
CHANGELOG.mdView file
902patternName = private_key_rsa severity = critical line = 902 matchedText = `-----BE...hing
Critical
Secret Pattern

RSA private key in CHANGELOG.md

CHANGELOG.mdView on unpkg · L902

Findings

4 Critical2 Medium4 Low
CriticalCritical Secretdist/scripts/smoke.js
CriticalSecret PatternCHANGELOG.md
CriticalSecret Patterndist/scripts/smoke.js
CriticalSecret Patterndist/scripts/smoke.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings