AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Network calls, config writes, local auth storage, git inspection, and optional hook helpers are aligned with the advertised /vibe MCP collaboration product and require runtime/user-invoked actions.
Decision evidence
public snapshot- package.json has no preinstall/postinstall lifecycle scripts; bin entries are cli.js and setup.js only.
- setup.js modifies Claude MCP config only when user runs setup/TTY CLI, adding npx slashvibe-mcp@latest for the advertised MCP server.
- index.js starts an MCP server and exposes vibe_* social/presence/messaging tools; no import-time credential harvesting found.
- tools/subscriptions.js sends the stored auth token only as Authorization to configured VIBE_API_URL/default slashvibe.dev for the subscription feature.
- tools/_work-context.js gathers bounded git/project context, uses execFileSync with shell:false, redacts common secrets, and is used for presence context.
- hooks/check-guest-messages.* are shipped helper hooks but are not installed by package lifecycle; injected external messages include safety warnings.
Source & flagged code
7 flagged · loading sourcePackage contains a critical-looking secret pattern.
tools/_work-context.test.jsView on unpkg · L83GitHub personal access token in tools/_work-context.test.js
tools/_work-context.test.jsView on unpkg · L83Source combines credential-like environment material and outbound requests; review data flow before blocking.
tools/subscriptions.jsView on unpkg · L39Package ships non-JavaScript build or shell helper files.
hooks/check-guest-messages.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
tools/init.jsView on unpkgGitHub personal access token in tools/_work-context.manual-test.js
tools/_work-context.manual-test.jsView on unpkg · L77