registry  /  @rendotdev/lgtm  /  0.1.22

@rendotdev/lgtm@0.1.22

Human approval for agent work, with code diff and Markdown review.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package provides a local review server and first-party Pi, Claude, and Codex integration setup through explicit commands.

Static reason
No blocking static signals were detected.
Trigger
User invokes `lgtm setup`/`install`/`update`, or loads the installed agent plugin/MCP server.
Impact
Can add its own agent integrations and process user-selected review content; no unconsented install-time mutation or exfiltration is established.
Mechanism
Explicit agent-extension installation plus localhost Git/Markdown review service.
Rationale
Source inspection found no concrete malicious chain. This is a first-party agent-extension package with explicit setup/update commands, so it warrants a non-blocking warning under the extension lifecycle policy.
Evidence
package.jsonbin/lgtm.mjsdist/cli.mjsextensions/index.js.mcp.json.mcp.claude.json.codex-plugin/plugin.json.claude-plugin/plugin.json
Network endpoints1
localhost

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.mjs` runs Pi/Claude/Codex integration commands for explicit `setup`/`install`/`update`.
  • `.mcp.json` and `.mcp.claude.json` register an MCP command for the package.
  • `extensions/index.js` registers agent tools that read selected Git/worktree content for review.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • Review HTTP server binds only to `127.0.0.1`; web fetches target local `/api/*` routes.
  • No credential-path harvesting, remote exfiltration endpoint, dynamic code loading, or destructive filesystem behavior found.
  • Agent integration actions are gated behind explicit CLI commands; no automatic foreign control-surface mutation found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 317 file(s), 11.5 MB of source, external domains: github.com, react.dev, www.w3.org

Source & flagged code

2 flagged · loading source
dist/web/assets/sass-DXrisJhu.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"Sass","fileTypes":["sass"],"foldingStartMarker":"/\\\\*|^#|^\\\\*|^\\\\b|\\\\*#?region|^\\\\.","foldingStopMarker":"\\\\*/|\\\\*#?e...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/web/assets/sass-DXrisJhu.jsView on unpkg · L1
dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View file
path = dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2 kind = high_entropy_blob sizeBytes = 7716 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View on unpkg

Findings

1 High4 Medium6 Low
HighShips High Entropy Blobdist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
MediumDynamic Requiredist/web/assets/sass-DXrisJhu.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License