AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked git diff analyzer that may send changed code chunks to local Ollama or OpenAI based on configuration/environment.
Decision evidence
public snapshot- packages/cli/dist/chunk-KQT4GSWI.js reads OPENAI_API_KEY_CHECKLIST and uses it as OpenAI Authorization header.
- packages/cli/dist/chunk-KQT4GSWI.js can POST changed code chunks to configured OpenAI /chat/completions when the env var is set.
- CLI writes analysis outputs and cache under user-configured paths such as .diffai/analysis.json, docs/analysis.md, and .diffai/cache.
- package.json has no preinstall/install/postinstall hooks; only prepublishOnly build script.
- packages/cli/dist/bin.js only invokes createProgram().parseAsync(process.argv), so behavior is CLI user-invoked.
- Default AI endpoint is local Ollama at http://localhost:11434 unless OPENAI_API_KEY_CHECKLIST is present or config forces OpenAI.
- Network destinations are package-aligned AI providers: localhost Ollama and https://api.openai.com/v1.
- No broad credential/file harvesting, persistence, destructive install-time behavior, or AI-agent control-surface mutation found.
- File deletion is limited to generated cache/docs/summary cleanup on branch-state changes.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
packages/cli/dist/chunk-KQT4GSWI.jsView on unpkg · L20A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
packages/cli/dist/chunk-KQT4GSWI.jsView on unpkg · L20Package source references weak cryptographic algorithms.
packages/cli/dist/chunk-KQT4GSWI.jsView on unpkg · L20