registry  /  @rendotdev/lgtm  /  0.1.24

@rendotdev/lgtm@0.1.24

Human approval for agent work, with code diff and Markdown review.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `lgtm setup` or `lgtm update`; review tools run only when invoked.
Impact
Can install or update this package's agent integrations and write temporary review files in the selected workspace.
Mechanism
Explicit first-party agent-plugin setup and local Git/Markdown review server
Rationale
No concrete malicious behavior is established. The explicit agent-integration setup is a real privileged capability, so it warrants a warning under the firewall policy despite being package-aligned and user-invoked.
Evidence
package.jsonbin/lgtm.mjsdist/cli.mjsextensions/index.js.mcp.json.mcp.claude.json.codex-plugin/plugin.json.claude-plugin/plugin.jsonskills/lgtm/SKILL.md.lgtm/<review-id>/manifest.json.lgtm/<review-id>/payload.json.lgtm/<review-id>/review.json.lgtm/<review-id>/server.json.lgtm/<review-id>/server.pid
Network endpoints1
github.com/rendotdev/lgtm

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/cli.mjs` implements explicit `lgtm setup`/`update` commands that spawn Pi, Claude, and Codex plugin-management commands.
  • `dist/cli.mjs` setup can add the first-party `rendotdev/lgtm` marketplace and `lgtm@rendotdev` plugin.
  • `extensions/index.js` registers agent tools that read Git diffs and write review artifacts under the active workspace `.lgtm/` directory.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No direct outbound HTTP, WebSocket, DNS, or credential-exfiltration primitive appears in `dist/cli.mjs` or `extensions/index.js`.
  • `dist/cli.mjs` binds the review server to `127.0.0.1` and opens its local URL in the browser.
  • Agent integration mutation is tied to explicit CLI `setup`/`update`, not import-time execution.
  • `extensions/index.js` exports a Pi extension registration function; loading it does not auto-install integrations.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 317 file(s), 11.5 MB of source, external domains: github.com, react.dev, www.w3.org

Source & flagged code

2 flagged · loading source
dist/web/assets/sass-DXrisJhu.jsView file
1var e=[Object.freeze(JSON.parse(`{"displayName":"Sass","fileTypes":["sass"],"foldingStartMarker":"/\\\\*|^#|^\\\\*|^\\\\b|\\\\*#?region|^\\\\.","foldingStopMarker":"\\\\*/|\\\\*#?e...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/web/assets/sass-DXrisJhu.jsView on unpkg · L1
dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View file
path = dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2 kind = high_entropy_blob sizeBytes = 7716 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2View on unpkg

Findings

1 High4 Medium5 Low
HighShips High Entropy Blobdist/web/assets/geist-mono-vietnamese-wght-normal-D8KDMBhC.woff2
MediumDynamic Requiredist/web/assets/sass-DXrisJhu.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings