AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a Claude plugin with hooks activated around Write/Edit tool use. The hooks can deny narrow generated-file edits and inspect changed files, but no concrete malicious behavior or data exfiltration is established.
Decision evidence
public snapshot- `hooks/hooks.json` registers Claude `PreToolUse`/`PostToolUse` commands for every Write/Edit action.
- `bin/sidecar-prewrite-guard` reads tool event paths and can deny edits to narrowly defined generated-artifact paths.
- `bin/forge-lint` and `bin/demo-postwrite-pattern-gate` run after edits, creating an agent-extension lifecycle surface.
- `skills/adia-release/scripts/release-pack.mjs` can run release shell commands only when explicitly invoked.
- `package.json` has no preinstall, install, postinstall, bin, main, or module entrypoint.
- Hook scripts inspect stdin and changed project files; no credential harvesting, exfiltration, or remote payload loading was found.
- The post-write gate and pre-write guard contain no subprocess, network, or file-write operations.
- Browser-based review scripts target only `http://localhost:${port}` and write review artifacts under the user-selected checkout.
Source & flagged code
2 flagged · loading source`hooks/hooks.json` registers Claude `PreToolUse`/`PostToolUse` commands for every Write/Edit action.
hooks/hooks.jsonView on unpkg`skills/adia-release/scripts/release-pack.mjs` can run release shell commands only when explicitly invoked.
skills/adia-release/scripts/release-pack.mjsView on unpkg