registry  /  @lcv-ideas-software/cross-review  /  4.5.7

@lcv-ideas-software/cross-review@4.5.7

API-first MCP server for multi-model cross-review with unanimous convergence gates.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network use is the package’s stated multi-model review function and local persistence is confined to its configured data directory.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User explicitly runs `cross-review` or invokes its MCP review tools.
Impact
No install-time execution, credential harvesting, foreign agent-config mutation, remote payload loading, or destructive broad filesystem behavior found.
Mechanism
MCP orchestration of configured AI-provider API clients with local session storage.
Rationale
The flagged secret pattern is a deliberately synthetic test value used to verify redaction. Source inspection found no malicious execution chain or unconsented control-surface modification.
Evidence
package.jsondist/src/mcp/server.jsdist/src/dashboard/server.jsdist/src/core/caller-tokens.jsdist/src/core/session-store.jsdist/src/peers/perplexity.jsdist/scripts/smoke.jsdist/src/peers/openai.jsdist/src/peers/anthropic.jsdist/src/peers/gemini.js
Network endpoints1
api.perplexity.ai

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall/install/postinstall/prepare lifecycle hook.
    • `dist/src/mcp/server.js` only starts when invoked as its executable entrypoint.
    • `dist/src/core/caller-tokens.js` creates package-local caller tokens with mode 0600.
    • `dist/src/dashboard/server.js` binds its dashboard to 127.0.0.1.
    • `dist/scripts/smoke.js` contains a synthetic `sk-test-...` redaction test, not a credential.
    • Provider adapters require configured API keys and use declared model-provider clients.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 54 file(s), 1.90 MB of source, external domains: 127.0.0.1, ai.google.dev, api-docs.deepseek.com, api.deepseek.com, api.perplexity.ai, api.x.ai, cross-review.lcv.dev, developers.openai.com, docs.anthropic.com, docs.perplexity.ai, docs.x.ai, github.com, platform.claude.com, platform.openai.com, registry.npmjs.org

    Source & flagged code

    5 flagged · loading source
    dist/scripts/smoke.jsView file
    7169patternName = private_key_rsa severity = critical line = 7169 matchedText = const tr...ED`;
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    dist/scripts/smoke.jsView on unpkg · L7169
    7169patternName = private_key_rsa severity = critical line = 7169 matchedText = const tr...ED`;
    Critical
    Secret Pattern

    RSA private key in dist/scripts/smoke.js

    dist/scripts/smoke.jsView on unpkg · L7169
    7171patternName = private_key_rsa severity = critical line = 7171 matchedText = assert.o....");
    Critical
    Secret Pattern

    RSA private key in dist/scripts/smoke.js

    dist/scripts/smoke.jsView on unpkg · L7171
    matchType = previous_version_dangerous_delta matchedPackage = @lcv-ideas-software/cross-review@4.5.5 matchedIdentity = npm:[redacted]:4.5.5 similarity = 0.635 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/scripts/smoke.jsView on unpkg
    CHANGELOG.mdView file
    1179patternName = private_key_rsa severity = critical line = 1179 matchedText = `-----BE...hing
    Critical
    Secret Pattern

    RSA private key in CHANGELOG.md

    CHANGELOG.mdView on unpkg · L1179

    Findings

    4 Critical1 High2 Medium4 Low
    CriticalCritical Secretdist/scripts/smoke.js
    CriticalSecret PatternCHANGELOG.md
    CriticalSecret Patterndist/scripts/smoke.js
    CriticalSecret Patterndist/scripts/smoke.js
    HighPrevious Version Dangerous Deltadist/scripts/smoke.js
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings