AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package provides a local review server and first-party Pi, Claude, and Codex integration setup through explicit commands.
Static reason
No blocking static signals were detected.
Trigger
User invokes `lgtm setup`/`install`/`update`, or loads the installed agent plugin/MCP server.
Impact
Can add its own agent integrations and process user-selected review content; no unconsented install-time mutation or exfiltration is established.
Mechanism
Explicit agent-extension installation plus localhost Git/Markdown review service.
Rationale
Source inspection found no concrete malicious chain. This is a first-party agent-extension package with explicit setup/update commands, so it warrants a non-blocking warning under the extension lifecycle policy.
Evidence
package.jsonbin/lgtm.mjsdist/cli.mjsextensions/index.js.mcp.json.mcp.claude.json.codex-plugin/plugin.json.claude-plugin/plugin.json
Network endpoints1
localhost
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/cli.mjs` runs Pi/Claude/Codex integration commands for explicit `setup`/`install`/`update`.
- `.mcp.json` and `.mcp.claude.json` register an MCP command for the package.
- `extensions/index.js` registers agent tools that read selected Git/worktree content for review.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- Review HTTP server binds only to `127.0.0.1`; web fetches target local `/api/*` routes.
- No credential-path harvesting, remote exfiltration endpoint, dynamic code loading, or destructive filesystem behavior found.
- Agent integration actions are gated behind explicit CLI commands; no automatic foreign control-surface mutation found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/web/assets/sass-DXrisJhu.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"Sass","fileTypes":["sass"],"foldingStartMarker":"/\\\\*|^#|^\\\\*|^\\\\b|\\\\*#?region|^\\\\.","foldingStopMarker":"\\\\*/|\\\\*#?e...
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/web/assets/sass-DXrisJhu.jsView on unpkg · L1dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View file
•path = dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
kind = high_entropy_blob
sizeBytes = 7716
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View on unpkgFindings
1 High4 Medium6 Low
HighShips High Entropy Blobdist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
MediumDynamic Requiredist/web/assets/sass-DXrisJhu.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License