registry  /  convariance  /  0.2.1

convariance@0.2.1

Put Claude Code (or any MCP agent) in your live conversation — transcript in, typed inline contributions out. `npx convariance` sets up the MCP server; the agent ships its own web UI with mic transcription.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No malicious attack surface confirmed. The main risk is explicit user-command MCP registration plus a local loopback transcript bridge, both aligned with package functionality.

Static reason
No blocking static signals were detected.
Trigger
User runs `npx convariance`/`convariance setup` or an MCP client runs `convariance serve`.
Impact
Registers a first-party MCP server and exchanges live transcript/signal data locally with a paired browser UI.
Mechanism
user-invoked MCP server setup and loopback HTTP/SSE bridge
Rationale
Source inspection shows package-aligned MCP/bridge behavior with explicit setup and no npm lifecycle hook or hidden exfiltration path. Because it can register an agent extension/config when the CLI is run, treat as an agent extension lifecycle warning rather than malicious.
Evidence
package.jsondist/cli.jsdist/agent.jsdist/index.jsdist/session-D66Z10n_.jsREADME.md.mcp.json/tmp/convariance-bridge-<port>.json
Network endpoints6
127.0.0.1:7700localhost:7700localhost:5173127.0.0.1:5173github.com/convariance/convariance.gitwww.convariance.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • dist/cli.js setup registers an MCP server via `claude mcp add` or writes project `.mcp.json`.
  • dist/cli.js default TTY behavior runs setup when invoked without `serve`.
  • dist/agent.js starts a stdio MCP bridge and loopback HTTP/SSE gateway for transcripts/signals.
  • dist/agent.js writes/removes temp token info files under OS tmpdir.
Evidence against
  • package.json has no npm lifecycle hooks, so no install-time mutation.
  • MCP registration is user-invoked CLI behavior, not preinstall/install/postinstall.
  • Network surface is loopback by default: `127.0.0.1`/`localhost` bridge routes protected by pairing token except health.
  • No credential harvesting, remote payload loading, destructive behavior, or broad exfiltration found in inspected source.
  • Bundled font blobs are UI assets, not executable payloads.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 134 KB of source, external domains: 127.0.0.1

Source & flagged code

1 flagged · loading source
dist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2View file
path = dist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2 kind = high_entropy_blob sizeBytes = 13780 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2View on unpkg

Findings

1 High3 Medium4 Low
HighShips High Entropy Blobdist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings