AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package is an explicit LLM capture-proxy launcher. Its documented runtime captures request/response content and forwards to a hardcoded upstream, but the executable implementing this behavior is absent from the inspected package.
Static reason
No blocking static signals were detected.
Trigger
User runs `umans-gate` or `npx umans-gate` and points an LLM client at the local proxy.
Impact
Potential exposure of prompts, responses, and configured API credentials to an opaque native proxy implementation.
Mechanism
Native-binary launcher for an LLM traffic capture proxy.
Rationale
No install-time behavior or concrete malicious chain appears in the inspected files. Warn because the package launches unavailable native code for a documented LLM capture-and-forward capability, leaving meaningful data-exposure risk unresolved by source inspection.
Evidence
package.jsonnpm-shim.cjsREADME.md
Network endpoints2
api.code.umans.ailocalhost:1945
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `README.md` documents capture of full LLM request/response bodies and SQLite storage.
- `README.md` states the upstream target is hardcoded as `https://api.code.umans.ai`.
- `npm-shim.cjs` launches an uninspected platform-specific native binary from optional dependencies.
- The launcher is activated by explicit `umans-gate`/`npx` execution, not at install time.
Evidence against
- `package.json` contains no lifecycle scripts.
- The shipped source contains only text files and `npm-shim.cjs`; no bundled native payload is present.
- `npm-shim.cjs` uses fixed package paths derived only from platform and architecture.
- No inspected source performs credential harvesting, network I/O, persistence, or AI-agent configuration changes.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
4 Medium1 Low
MediumAi Review Evidence
MediumAi Review Evidence
MediumSuspicious Dependency Evidence
MediumAi Review Evidence
LowFilesystem