AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked local code review UI that shells out to jj/git and serves results to a local browser frontend.
Decision evidence
public snapshot- package.json has no install/postinstall lifecycle hooks; only bin maps skepsis to dist/cli.js.
- dist/cli.js child_process usage runs package-aligned jj/git diff/show commands after user invokes CLI.
- dist/cli.js starts a local Hono HTTP server for diff UI; default host is localhost and only logs/opens local URL.
- dist/cli.js writes viewed state under ~/.local/share/skepsis and inserts/removes review comments in user-selected repo files via UI endpoints.
- README.md documents local diff review behavior, jj/git shell-outs, comment insertion, and viewed-state storage.
- No credential harvesting, external exfiltration endpoint, persistence hook, or AI-agent control-surface mutation found.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/web/assets/index-CA5iKp7g.jsView on unpkg · L160Source executes local commands and sends command output to an external endpoint.
dist/cli.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L22285Package source references dynamic require/import behavior.
dist/web/assets/javascript-KezPQq9h.jsView on unpkg · L1