registry  /  @lineman-io/plugin  /  2.9.17

@lineman-io/plugin@2.9.17

Lineman MCP server — AI-powered code intelligence for Claude Code

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a Claude Code/Lineman plugin that routes opted-in tool output and file-assist requests to Lineman APIs and installs product hooks/statusline behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes the CLI/MCP server or Claude Code plugin hooks run after installation/configuration.
Impact
Routes selected development context to Lineman services and changes Claude Code session guidance; no source-grounded malware behavior found.
Mechanism
product-aligned MCP hooks, cloud assist calls, OAuth token refresh, and optional statusline setup
Rationale
The suspicious primitives are aligned with the declared Claude Code plugin purpose and are user/runtime-invoked rather than install-time malware. Obfuscation and agent-guidance hooks raise review noise, but direct source inspection did not find credential theft, covert exfiltration, destructive behavior, or unconsented lifecycle hijack.
Evidence
package.jsonstart.mjsdist/main.jsdist/token-refresh.jsdist/api-url-guard.jsdist/urls.jshooks/session-start.mjshooks/lineman-call.mjshooks/core/statusline-install.mjshooks/core/lineman-config.mjs~/.lineman/config.json~/.lineman/auth-circuit.json~/.lineman/signed-claim.json~/.claude/settings.json~/.claude/lineman-statusline.mjs
Network endpoints5
api-data.lineman.ioapi-app.lineman.ioapi-data-staging.lineman.ioapi-app-staging.lineman.iolineman.io/update-manifest.json

Decision evidence

public snapshot
AI called this Clean at 78.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/main.js is heavily obfuscated/minified and is the CLI/main entrypoint.
  • hooks/session-start.mjs injects Lineman usage guidance into Claude Code sessions and discourages native file-exploration tools.
  • hooks/core/statusline-install.mjs can write ~/.claude/settings.json and copy a statusline script on session start.
Evidence against
  • package.json has no install/postinstall lifecycle scripts; bin/main run only when invoked.
  • Network calls are product-aligned Lineman APIs with URL allowlisting in dist/api-url-guard.js and hooks/core/lineman-config.mjs.
  • dist/token-refresh.js refreshes OAuth tokens against configured authBaseUrl and writes ~/.lineman/config.json, matching documented auth behavior.
  • hooks/lineman-call.mjs sends task content to /lineman/execute only when Lineman is enabled/authenticated.
  • No credential harvesting, broad filesystem exfiltration, persistence, or destructive install-time behavior found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 92 file(s), 588 KB of source, external domains: api-app-staging.lineman.io, api-app.lineman.io, api-data-staging.lineman.io, api-data.lineman.io, api.lineman.io, auth.lineman.io, lineman.io, nodejs.org
Oversized source lightweight scan
dist/main.js2.10 MB file, sampled 256 KB
NetworkObfuscatedHighEntropyStringsMinifiedUrlStringsauth.lineman.io

Source & flagged code

5 flagged · loading source
start.mjsView file
33// be a file:// URL. pathToFileURL is a no-op-equivalent on POSIX. L34: await import(pathToFileURL(resolve(__dirname, "dist", "main.js")).href);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

start.mjsView on unpkg · L33
hooks/core/tier3-transport.mjsView file
1import{createHash as e}from"node:crypto";import{platform as r}from"node:os";export function tier3TransportTarget(t){return"win32"===r()?`\\\\.\\pipe\\lineman-tier3-${e("sha1").upda...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

hooks/core/tier3-transport.mjsView on unpkg · L1
dist/main.jsView file
path = dist/main.js kind = oversized_source_file sizeBytes = 2198960 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/main.jsView on unpkg
path = dist/main.js kind = oversized_cli_entrypoint sizeBytes = 2198960 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

dist/main.jsView on unpkg
dist/token-refresh.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @lineman-io/plugin@2.9.16 matchedIdentity = npm:QGxpbmVtYW4taW8vcGx1Z2lu:2.9.16 similarity = 0.978 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/token-refresh.jsView on unpkg

Findings

1 Critical2 High5 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/token-refresh.js
HighObfuscated
HighOversized Source Filedist/main.js
MediumDynamic Requirestart.mjs
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/main.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptohooks/core/tier3-transport.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License