registry  /  vibe-lm  /  0.2.3

vibe-lm@0.2.3

A comprehensive set of agentic tools for LM Studio: file operations, web fetching/search, memory, SSH, and an autonomous vibe_bridge keep-alive loop.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Loading the plugin in LM Studio and invoking enabled tools; enabling `vibe_bridge` starts its autonomous loop.
Impact
A compromised or prompt-injected model session could run commands and modify files within the configured workspace; optional SSH can affect user-supplied remote hosts.
Mechanism
Agent tool provider executes workspace shell commands, file operations, web requests, and optional SSH.
Rationale
Source inspection found no malicious lifecycle behavior or exfiltration chain, but confirmed broad agentic execution capabilities and guarded autonomous operation. Treat as a warning-level dangerous capability rather than a publish-blocking malicious package.
Evidence
package.jsonsrc/index.tssrc/toolsProvider.tssrc/toolSettings.tsscripts/search_server.pybuild.shrelease/vibeLM-v0.2.3.zipsrc/config.ts~/.lmstudio/extensions/data/drunkktoys/vibe-lm/config.json~/.lmstudio/extensions/data/drunkktoys/vibe-lm/runtime-state.json~/.lmstudio/extensions/data/drunkktoys/vibe-lm/session-log.jsonl
Network endpoints4
localhost:1234/v1/modelslocalhost:1234/api/v0/modelslocalhost:8394/searchwww.bing.com/search

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/toolsProvider.ts` exposes default-enabled workspace file writes and arbitrary `bash_terminal` execution.
  • `src/toolsProvider.ts` passes the full process environment to shell commands and offers password-based remote SSH execution when enabled.
  • `src/toolsProvider.ts` can auto-start the `vibe_bridge` autonomous loop when its plugin setting is enabled.
  • `build.sh` installs a first-party LM Studio plugin, persists configuration under `~/.lmstudio`, and starts a local search proxy.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • `src/index.ts` only probes the local LM Studio API and registers the declared provider.
  • File helpers enforce a configured workspace boundary through `sandboxPath`.
  • `scripts/search_server.py` is a readable local proxy that queries Bing only for user search requests.
  • The bundled ZIP contains readable source and build artifacts; no hidden executable payload was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 382 KB of source, external domains: example.com, one.com, search.example.com, two.com

Source & flagged code

8 flagged · loading source
dist/toolsProvider.jsView file
matchType = previous_version_dangerous_delta matchedPackage = vibe-lm@0.2.2 matchedIdentity = npm:dmliZS1sbQ:0.2.2 similarity = 0.625 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/toolsProvider.jsView on unpkg
64const toolSettings_1 = require("./toolSettings"); L65: const LMSTUDIO_API_PORT = process.env.LMSTUDIO_API_PORT || "1234"; L66: const API_BASE = `http://localhost:${LMSTUDIO_API_PORT}`; L67: // Persistent runtime data lives under extensions/data, NOT extensions/plugins — `lms dev --install` ... L273: } L274: const data = await resp.json(); L275: if (!data?.data?.length) { ... L1335: ok: true, L1336: data: { L1337: ...compact, ... L1642: time: now.toLocaleTimeString("en-US", { hour: "2-digit", minute: "2-digit", second: "2-digit", hour12: false, timeZoneName: "short" }), L1643: timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/toolsProvider.jsView on unpkg · L64
tests/test_build.shView file
path = tests/test_build.sh kind = payload_in_excluded_dir sizeBytes = 1418 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

tests/test_build.shView on unpkg
path = tests/test_build.sh kind = build_helper sizeBytes = 1418 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

tests/test_build.shView on unpkg
release/vibeLM-v0.2.3.zipView file
path = release/vibeLM-v0.2.3.zip kind = high_entropy_blob sizeBytes = 131079 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

release/vibeLM-v0.2.3.zipView on unpkg
path = release/vibeLM-v0.2.3.zip kind = compressed_blob sizeBytes = 131079 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

release/vibeLM-v0.2.3.zipView on unpkg
path = release/vibeLM-v0.2.3.zip kind = nested_archive_needs_inspection sizeBytes = 131079 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

release/vibeLM-v0.2.3.zipView on unpkg
tests/tools.test.tsView file
153patternName = generic_password severity = medium line = 153 matchedText = password...nt",
Medium
Secret Pattern

Hardcoded password in tests/tools.test.ts

tests/tools.test.tsView on unpkg · L153

Findings

3 High7 Medium5 Low
HighShips High Entropy Blobrelease/vibeLM-v0.2.3.zip
HighPayload In Excluded Dirtests/test_build.sh
HighPrevious Version Dangerous Deltadist/toolsProvider.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/toolsProvider.js
MediumShips Build Helpertests/test_build.sh
MediumShips Compressed Blobrelease/vibeLM-v0.2.3.zip
MediumStructural Risk Force Deep Review
MediumSecret Patterntests/tools.test.ts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectionrelease/vibeLM-v0.2.3.zip