AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious behavior was found. The package implements an explicit local reverse proxy and agent launcher with powerful, user-invoked MCP worker features; the inspected behavior matches its documented purpose.
Decision evidence
public snapshot
- dist/peer-mcp-personas-CThUmeHE.js exposes user-invoked worker MCP tools, including implement/test with edit/write/bash capability.
- dist/main.js has self-update logic that can run npm install -g github-router@latest after runtime launch when the option is enabled (an unpinned @latest fetch, so future releases are trusted implicitly).
- dist/main.js mutates router-owned Claude config mirror to add MCP servers for spawned Claude sessions.
- package.json's only lifecycle script is prepare: (simple-git-hooks || true); there is no install/postinstall hook that executes package code.
- README.md and package.json describe a Copilot reverse proxy and Claude/Codex launcher matching observed network and MCP behavior.
- dist/peer-mcp-personas-CThUmeHE.js routes requests to GitHub/Copilot endpoints and validates worker tool arguments; no hidden credential harvesting found.
- dist/paths-Cn5OzmYL.js stores tokens/config under ~/.local/share/github-router and per-launch isolated Claude config, not arbitrary user files.
- No import-time execution path found; bin entry dist/main.js requires explicit CLI invocation.
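The two evidence points about lifecycle scripts and self-update can be reproduced as a small triage check. The following is an added example, not code from the lpm-firewall-ai scanner or from the github-router package; the package.json object and the main.js snippet it runs on are constructed here to mirror the evidence above, and the hook list and regexes are this example's own assumptions.

```javascript
// Added example (not the scanner's or the package's code): triage helpers that
// (1) list which package.json lifecycle scripts npm runs automatically on
// install and whether each needs review, and (2) grep shipped code for a
// self-update that installs <pkg>@latest globally.

// Hooks npm runs without explicit user action during install. `prepare` is
// included because it runs for local and git installs, though npm does not run
// it when installing a published tarball from the registry.
const INSTALL_TIME_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Assumed benign: a command that only wires git hooks and swallows failure,
// e.g. "simple-git-hooks || true". Anything else is marked for review.
const BENIGN_HOOK_CMD = /^\s*\(?\s*simple-git-hooks\s*\|\|\s*true\s*\)?\s*$/;

// Return every install-time script with a needsReview flag.
function auditInstallScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_TIME_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({
      hook,
      command: scripts[hook],
      needsReview: !BENIGN_HOOK_CMD.test(scripts[hook]),
    }));
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Return the source lines that invoke `npm install -g <pkgName>@latest`
// (also matching `npm i` and `--global`), i.e. an unpinned self-update.
function findSelfUpdate(source, pkgName) {
  const re = new RegExp(
    `\\bnpm\\s+(?:install|i)\\s+(?:-g|--global)\\s+${escapeRegExp(pkgName)}@latest\\b`
  );
  return source.split("\n").filter((line) => re.test(line));
}

// Combine both checks into one verdict object.
function triage(pkg, mainSource) {
  const installScripts = auditInstallScripts(pkg);
  return {
    installScripts,
    // true if any hook npm runs on install executes something beyond the
    // benign git-hook wiring
    installTimePayload: installScripts.some((s) => s.needsReview),
    selfUpdateLines: findSelfUpdate(mainSource, pkg.name),
  };
}

// Constructed inputs modelled on the evidence list (not the real files).
const SAMPLE_PKG = {
  name: "github-router",
  bin: { "github-router": "dist/main.js" },
  scripts: {
    build: "tsc -p .",
    prepare: "simple-git-hooks || true",
    test: "vitest run",
  },
};

const SAMPLE_MAIN_JS = [
  'const { spawnSync } = require("node:child_process");',
  "function selfUpdate(enabled) {",
  "  if (!enabled) return;",
  '  spawnSync("sh", ["-c", "npm install -g github-router@latest"], { stdio: "inherit" });',
  "}",
].join("\n");

console.log(JSON.stringify(triage(SAMPLE_PKG, SAMPLE_MAIN_JS), null, 2));
```

On the constructed input the verdict is installTimePayload: false (only the benign prepare script is present) and one self-update line, which is the same split the evidence list draws: no install-time payload, but an opt-in runtime fetch of an unpinned @latest version that a reviewer should pin or disable in managed environments.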
Source & flagged code
6 flagged
- Package source references child process execution.
- dist/lifecycle-Cqe8OQVX.js (L5): This package version adds a dangerous source file absent from the previous stored version.
- dist/peer-mcp-personas-CThUmeHE.js: Source exposes local file and command tools to a remote model endpoint.
- dist/peer-mcp-personas-CThUmeHE.js (L12): Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
- dist/peer-mcp-personas-CThUmeHE.js (L1): Package source references dynamic require/import behavior.
- dist/peer-mcp-personas-CThUmeHE.js (L32)