registry  /  vibemon  /  1.17.0

vibemon@1.17.0

AI assistant status monitor

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. At application runtime, VibeMon can offer to install integration hooks into supported AI-tool directories. On user acceptance, it executes a remotely downloaded Python installer with a VibeMon token.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User launches the Electron app and clicks “Install” in the hook prompt, or explicitly selects hook installation.
Impact
The remote installer can modify supported AI-tool hook/extension locations and receives the configured VibeMon token.
Mechanism
User-confirmed remote Python hook installer for AI-agent directories.
Rationale
Source establishes a user-confirmed remote hook installer affecting AI-agent directories, with no npm install-time execution or confirmed malicious chain. Treat as a guarded agent-extension lifecycle risk rather than clean.
Evidence
package.jsonmain.jsmodules/hook-installer.cjsmodules/http-server.cjsmodules/ws-client.cjsshared/config.cjs~/.claude/hooks/vibemon.py~/.codex/hooks/vibemon.py~/.kiro/hooks/vibemon.py~/.openclaw/extensions/vibemon-bridge/index.mjs
Network endpoints2
docs.vibemon.io/install.pywss://ws.vibemon.io

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `modules/hook-installer.cjs` detects `.claude`, `.codex`, `.kiro`, and `.openclaw` installations and their VibeMon hook paths.
  • After an Electron runtime prompt accepts “Install,” it downloads `https://docs.vibemon.io/install.py` and pipes it to `python3 - --yes`.
  • The installer receives the configured VibeMon token as a `--token` argument; `VIBEMON_DOCS_URL` can override the script host.
  • Startup schedules recurring checks that prompt for missing hooks, but no npm lifecycle hook is declared.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or other lifecycle script.
  • Hook execution is gated by an Electron dialog or explicit settings/tray action, not package installation.
  • The local HTTP server binds only to `127.0.0.1`; CORS allows localhost origins only.
  • No source evidence of credential harvesting, destructive file operations, obfuscated payloads, or silent foreign-agent mutation.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 20 file(s), 187 KB of source, external domains: 127.0.0.1, docs.vibemon.io, github.com, static.vibemon.io, vibemon.io

Source & flagged code

2 flagged · loading source
assets/icon.icnsView file
path = assets/icon.icns kind = high_entropy_blob sizeBytes = 23136 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/icon.icnsView on unpkg
main.jsView file
matchType = previous_version_dangerous_delta matchedPackage = vibemon@1.16.3 matchedIdentity = npm:dmliZW1vbg:1.16.3 similarity = 0.647 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

main.jsView on unpkg

Findings

2 High3 Medium4 Low
HighShips High Entropy Blobassets/icon.icns
HighPrevious Version Dangerous Deltamain.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings