AI Security Review
scanned 1h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was found. The package is a powerful user-invoked GitHub Copilot/Claude/Codex proxy that can create router-owned agent configuration and expose shell/search tools to model-driven workflows.
Decision evidence
public snapshot
- dist/main.js writes router-owned Claude MCP config and peer subagent .md files under PATHS.CLAUDE_CONFIG_DIR/agents
- dist/peer-mcp-personas-DMM1akDa.js exposes worker bash/code-search tools that can spawn shell commands under user-selected workspaces
- dist/main.js can queue runtime self-update via npm install -g github-router@latest when selfUpdate is enabled
- dist/paths-Bt7sqiVr.js writes synthetic Claude credentials and mirrored .claude.json in ~/.local/share/github-router/claude-config
- package.json has no preinstall/install/postinstall; prepare only runs simple-git-hooks for source/VCS workflows
- bin entry dist/main.js activates behavior only when github-router CLI commands are run
- Claude config mutation is scoped to github-router-owned per-launch mirror, not the user's real ~/.claude directory
- Network use is package-aligned for a GitHub Copilot reverse proxy: api.github.com and api.githubcopilot.com
- Toolbelt downloads use pinned GitHub release URLs with sha256 entries
Source & flagged code
6 flagged
- Package source references child process execution. (dist/peer-mcp-personas-DMM1akDa.js · L12)
- Source exposes local file and command tools to a remote model endpoint. (dist/peer-mcp-personas-DMM1akDa.js · L12)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. (dist/peer-mcp-personas-DMM1akDa.js · L1)
- Package source references dynamic require/import behavior. (dist/peer-mcp-personas-DMM1akDa.js · L32)
- This package version adds a dangerous source file absent from the previous stored version; route for source-aware review. (dist/main.js)