registry  /  convariance  /  0.3.0

convariance@0.3.0

Put Claude Code (or any MCP agent) in your live conversation — transcript in, typed inline contributions out. `npx convariance` sets up the MCP server; the agent ships its own web UI with mic transcription.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `convariance setup`, bare `convariance` in an interactive TTY, or `convariance serve`.
Impact
Adds an AI-agent extension and local conversation bridge with user consent; no confirmed malicious impact.
Mechanism
explicit MCP registration plus loopback transcript bridge
Rationale
The package has agent-control surface risk because its explicit setup command installs a Claude Code MCP server, but inspection shows this is package-aligned, user-invoked, and not an install hook. The runtime bridge is local and token-gated, with no source evidence of credential theft, external exfiltration, remote code execution, persistence beyond explicit MCP config, or destructive behavior.
Evidence
package.jsondist/cli.jsdist/agent.jsdist/index.jsdist/session-DRc4W-4G.jsREADME.md./.mcp.json/tmp/convariance-bridge-<port>.json
Network endpoints4
127.0.0.1:7700localhost:7700localhost:5173127.0.0.1:5173

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/cli.js setup explicitly runs `claude mcp add ... convariance -- npx -y convariance` or writes `./.mcp.json`.
  • dist/cli.js can spawn the platform browser opener and registers an MCP server when user runs `convariance setup` or bare TTY command.
  • dist/agent.js and dist/cli.js expose MCP actions that bridge live transcript/messages to an AI participant over local HTTP/SSE.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks.
  • MCP registration is explicit CLI behavior, not automatic install-time mutation.
  • Gateway binds to BRIDGE_HOST default 127.0.0.1 and requires a random or configured pairing token for /bridge routes.
  • No credential harvesting, destructive filesystem behavior, remote payload loading, or external exfiltration endpoint found.
  • File writes are package-aligned: .mcp.json fallback and temp convariance-bridge metadata.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 153 KB of source, external domains: 127.0.0.1

Source & flagged code

1 flagged · loading source
dist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2View file
path = dist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2 kind = high_entropy_blob sizeBytes = 13780 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2View on unpkg

Findings

1 High3 Medium4 Low
HighShips High Entropy Blobdist/ui/assets/hanken-grotesk-latin-600-normal-CIXX6EOa.woff2
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings