AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network use is the package’s stated multi-model review function and local persistence is confined to its configured data directory.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User explicitly runs `cross-review` or invokes its MCP review tools.
Impact
No install-time execution, credential harvesting, foreign agent-config mutation, remote payload loading, or destructive broad filesystem behavior found.
Mechanism
MCP orchestration of configured AI-provider API clients with local session storage.
Rationale
The flagged secret pattern is a deliberately synthetic test value used to verify redaction. Source inspection found no malicious execution chain or unconsented control-surface modification.
Evidence
package.jsondist/src/mcp/server.jsdist/src/dashboard/server.jsdist/src/core/caller-tokens.jsdist/src/core/session-store.jsdist/src/peers/perplexity.jsdist/scripts/smoke.jsdist/src/peers/openai.jsdist/src/peers/anthropic.jsdist/src/peers/gemini.js
Network endpoints1
api.perplexity.ai
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `package.json` has no preinstall/install/postinstall/prepare lifecycle hook.
- `dist/src/mcp/server.js` only starts when invoked as its executable entrypoint.
- `dist/src/core/caller-tokens.js` creates package-local caller tokens with mode 0600.
- `dist/src/dashboard/server.js` binds its dashboard to 127.0.0.1.
- `dist/scripts/smoke.js` contains a synthetic `sk-test-...` redaction test, not a credential.
- Provider adapters require configured API keys and use declared model-provider clients.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
5 flagged · loading sourcedist/scripts/smoke.jsView file
7169patternName = private_key_rsa
severity = critical
line = 7169
matchedText = const tr...ED`;
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/scripts/smoke.jsView on unpkg · L71697169patternName = private_key_rsa
severity = critical
line = 7169
matchedText = const tr...ED`;
Critical
7171patternName = private_key_rsa
severity = critical
line = 7171
matchedText = assert.o....");
Critical
•matchType = previous_version_dangerous_delta
matchedPackage = @lcv-ideas-software/cross-review@4.5.5
matchedIdentity = npm:[redacted]:4.5.5
similarity = 0.635
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/scripts/smoke.jsView on unpkgCHANGELOG.mdView file
1179patternName = private_key_rsa
severity = critical
line = 1179
matchedText = `-----BE...hing
Critical
Findings
4 Critical1 High2 Medium4 Low
CriticalCritical Secretdist/scripts/smoke.js
CriticalSecret PatternCHANGELOG.md
CriticalSecret Patterndist/scripts/smoke.js
CriticalSecret Patterndist/scripts/smoke.js
HighPrevious Version Dangerous Deltadist/scripts/smoke.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings