registry  /  @limina-labs/momentum  /  0.37.0

@limina-labs/momentum@0.37.0

Agent-agnostic, specs-driven development framework — single project or multi-project ecosystem

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No malicious attack chain is confirmed. The package is an agent workflow CLI that explicitly installs first-party hooks/plugins and local scripts into supported coding-agent surfaces.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `momentum init`, `momentum upgrade`, or swarm/orchestration subcommands.
Impact
Project-local agent hooks can block/remind/banner and swarm commands can launch local agent CLIs; no covert install-time mutation or exfiltration found.
Mechanism
explicit first-party agent extension setup and local CLI spawning
Rationale
Source inspection shows explicit, package-aligned agent extension scaffolding with local hooks and local CLI spawning, not unconsented lifecycle mutation or malicious exfiltration. Because it installs first-party agent control surfaces, warn is appropriate even though the package is not malicious.
Evidence
package.jsonbin/momentum.jsadapters/codex/adapter.jsadapters/claude-code/adapter.jsadapters/antigravity/adapter.jsadapters/opencode/adapter.jsadapters/opencode/plugins/momentum.jscore/scripts/brainstorm-gate.shcore/scripts/check-history-reminder.shcore/scripts/sessionstart-handoff.sh.codex/hooks.json.claude/settings.json.agents/hooks.json.opencode/plugins/momentum.jsscripts/brainstorm-gate.shscripts/check-history-reminder.shscripts/sessionstart-handoff.sh.momentum/installed.json.githooks/
Network endpoints3
registry.npmjs.org/@limina-labs/momentum/latesttrymomentum.github.iogithub.com/LiminaLabsAI/momentum.git

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • User-invoked `momentum init/upgrade` installs agent control files: `.codex/hooks.json`, `.claude/settings.json`, `.agents/hooks.json`, `.opencode/plugins/momentum.js`.
  • Installed hooks run local scripts such as `scripts/brainstorm-gate.sh`, `scripts/check-history-reminder.sh`, and `scripts/sessionstart-handoff.sh`.
  • Adapters can spawn local AI CLIs (`claude`, `codex`, `agy`, `opencode`) from explicit swarm/orchestration flows.
  • CLI performs a user-command update check to `https://registry.npmjs.org/@limina-labs/momentum/latest`.
  • Antigravity spawn uses `--dangerously-skip-permissions`, but only inside explicit `swarm` dispatch logic.
Evidence against
  • `package.json` has no install/preinstall/postinstall hooks; only `prepublishOnly`.
  • Entrypoint is a CLI bin (`bin/momentum.js`), with no import-time install mutation observed.
  • Agent/hook writes are package-aligned scaffolding and occur through explicit `init`/`upgrade` commands.
  • Existing config files are skipped or backed up rather than silently clobbered in reviewed paths.
  • No credential harvesting, broad file exfiltration, remote payload download/execute, or destructive persistence found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 75 file(s), 677 KB of source, external domains: 127.0.0.1, antigravity.google, github.com, registry.npmjs.org

Source & flagged code

3 flagged · loading source
core/ecosystem/lib/index.jsView file
20L21: const fs = require('fs'); L22: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

core/ecosystem/lib/index.jsView on unpkg · L20
core/ecosystem/scripts/session-append.shView file
path = core/ecosystem/scripts/session-append.sh kind = build_helper sizeBytes = 5436 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

core/ecosystem/scripts/session-append.shView on unpkg
bin/momentum.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @limina-labs/momentum@0.35.0 matchedIdentity = npm:QGxpbWluYS1sYWJzL21vbWVudHVt:0.35.0 similarity = 0.967 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/momentum.jsView on unpkg

Findings

1 High5 Medium5 Low
HighPrevious Version Dangerous Deltabin/momentum.js
MediumDynamic Requirecore/ecosystem/lib/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpercore/ecosystem/scripts/session-append.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings