AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a user-invoked local diff review CLI with a localhost web UI that runs jj/git and can insert user-authored review comments into source files.
Decision evidence
public snapshot- dist/cli.js starts a local HTTP API and can write review comments into files under the current repo when the UI calls /api/comment.
- dist/cli.js shells out to jj/git diff/show and reads working-copy files for a local diff review workflow.
- package.json has no install/postinstall lifecycle hooks; prepack is publish-time only.
- README.md documents a local browser-based diff review UI with jj/git integration and source-file review comments.
- dist/cli.js binds to localhost by default and opens a local browser URL; no external exfiltration endpoint was found.
- process.env use is limited to HOME for ~/.local/share/skepsis viewed-state storage and passing env to dev-mode Vite.
- No AI-agent control-surface writes, persistence hooks, credential harvesting, remote code loading, or dependency-confusion behavior found.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/web/assets/index-CA5iKp7g.jsView on unpkg · L160Source executes local commands and sends command output to an external endpoint.
dist/cli.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L22284Package source references dynamic require/import behavior.
dist/web/assets/javascript-KezPQq9h.jsView on unpkg · L1