registry  /  vibemon  /  1.16.2

vibemon@1.16.2

AI assistant status monitor

AI Security Review

scanned 13h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. At app runtime, VibeMon detects missing hooks for AI tools and prompts to install them. Confirming downloads remote Python source and executes it, potentially changing AI-tool configuration outside the package.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Launch the Electron app, have a supported AI tool without its VibeMon hook, then choose Install.
Impact
A mutable remote script can alter Claude, Codex, Kiro, or OpenClaw hook/extension paths and receives the configured VibeMon token.
Mechanism
User-confirmed remote installer execution for cross-tool hooks.
Rationale
No covert install-time behavior or direct malicious payload is present, but runtime user-confirmed execution of a remote installer can modify foreign AI-agent hook surfaces. Treat as a warning rather than a block because execution requires explicit user confirmation.
Evidence
package.jsonmain.jsmodules/hook-installer.cjsmodules/ws-client.cjsshared/config.cjs~/.claude/hooks/vibemon.py~/.codex/hooks/vibemon.py~/.kiro/hooks/vibemon.py~/.openclaw/extensions/vibemon-bridge/index.mjs
Network endpoints2
docs.vibemon.io/install.pywss://ws.vibemon.io

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `modules/hook-installer.cjs` downloads `https://docs.vibemon.io/install.py` and pipes it to Python.
  • Runtime hook setup targets `~/.claude`, `~/.codex`, `~/.kiro`, and `~/.openclaw`.
  • `main.js` checks periodically for missing hooks and invokes the installer prompt.
  • `shared/config.cjs` permits environment override of the installer base URL.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • Installation requires an Electron confirmation dialog before download/execution.
  • Python is spawned with argument arrays and stdin, not a shell.
  • HTTP server binds only to `127.0.0.1`; WebSocket is app-configured telemetry.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 16 file(s), 164 KB of source, external domains: 127.0.0.1, docs.vibemon.io, static.vibemon.io, vibemon.io

Source & flagged code

2 flagged · loading source
assets/icon.icnsView file
path = assets/icon.icns kind = high_entropy_blob sizeBytes = 23136 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/icon.icnsView on unpkg
modules/hook-installer.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = vibemon@1.16.1 matchedIdentity = npm:dmliZW1vbg:1.16.1 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

modules/hook-installer.cjsView on unpkg

Findings

2 High3 Medium4 Low
HighShips High Entropy Blobassets/icon.icns
HighPrevious Version Dangerous Deltamodules/hook-installer.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings