registry  /  @rendotdev/lgtm  /  0.1.15

@rendotdev/lgtm@0.1.15

Human approval for agent work, with code diff and Markdown review.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `lgtm setup` or `lgtm install`; enabled MCP/plugin invokes `dist/cli.mjs`.
Impact
User-approved agent integration changes; no unconsented install-time mutation confirmed.
Mechanism
Explicit agent-plugin installation and localhost review server.
Rationale
No concrete malicious behavior was found, but the package provides explicit commands that mutate AI-agent extension configuration. Per policy, that user-invoked agent-control capability warrants a warning rather than a block.
Evidence
package.jsondist/cli.mjsdist/pi/lgtm.mjs.mcp.json.mcp.claude.json.codex-plugin/plugin.jsonbin/lgtm.mjsskills/lgtm/SKILL.md
Network endpoints1
github.com/rendotdev/lgtm

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/cli.mjs` exposes explicit `lgtm setup`/`install` commands.
  • Setup spawns `pi`, `claude`, or `codex` plugin-install commands.
  • Claude setup adds `https://github.com/rendotdev/lgtm` marketplace then installs `lgtm@rendotdev`.
  • Package ships MCP/plugin manifests that execute `dist/cli.mjs` when enabled.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • Integration mutation requires an explicit CLI setup/install command.
  • Review server binds only to `127.0.0.1` and reports a localhost URL.
  • No credential harvesting, remote payload loading, or non-local exfiltration was found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 317 file(s), 11.5 MB of source, external domains: github.com, react.dev, www.w3.org

Source & flagged code

2 flagged · loading source
dist/web/assets/vue-vine-BoACsSsE.jsView file
1import{t as e}from"./javascript-wR_EsWTm.js";import{t}from"./css-Cn28CBri.js";import{t as n}from"./scss-DtdZojWh.js";import r from"./postcss-BXeXVLqQ.js";import i from"./less-DVTAw...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/web/assets/vue-vine-BoACsSsE.jsView on unpkg · L1
dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View file
path = dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2 kind = high_entropy_blob sizeBytes = 7716 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View on unpkg

Findings

1 High4 Medium6 Low
HighShips High Entropy Blobdist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
MediumDynamic Requiredist/web/assets/vue-vine-BoACsSsE.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License