registry  /  umans-gate  /  0.1.4

umans-gate@0.1.4

LLM capture proxy with Anthropic cache_control TTL stamping, vision handoff, concurrency gating, rate limiting, and a live inspection dashboard

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package is an explicit LLM capture-proxy launcher. Its documented runtime captures request/response content and forwards to a hardcoded upstream, but the executable implementing this behavior is absent from the inspected package.

Static reason
No blocking static signals were detected.
Trigger
User runs `umans-gate` or `npx umans-gate` and points an LLM client at the local proxy.
Impact
Potential exposure of prompts, responses, and configured API credentials to an opaque native proxy implementation.
Mechanism
Native-binary launcher for an LLM traffic capture proxy.
Rationale
No install-time behavior or concrete malicious chain appears in the inspected files. Warn because the package launches unavailable native code for a documented LLM capture-and-forward capability, leaving meaningful data-exposure risk unresolved by source inspection.
Evidence
package.jsonnpm-shim.cjsREADME.md
Network endpoints2
api.code.umans.ailocalhost:1945

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `README.md` documents capture of full LLM request/response bodies and SQLite storage.
  • `README.md` states the upstream target is hardcoded as `https://api.code.umans.ai`.
  • `npm-shim.cjs` launches an uninspected platform-specific native binary from optional dependencies.
  • The launcher is activated by explicit `umans-gate`/`npx` execution, not at install time.
Evidence against
  • `package.json` contains no lifecycle scripts.
  • The shipped source contains only text files and `npm-shim.cjs`; no bundled native payload is present.
  • `npm-shim.cjs` uses fixed package paths derived only from platform and architecture.
  • No inspected source performs credential harvesting, network I/O, persistence, or AI-agent configuration changes.
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 2.34 KB of source

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

4 Medium1 Low
MediumAi Review Evidence
MediumAi Review Evidence
MediumSuspicious Dependency Evidence
MediumAi Review Evidence
LowFilesystem