AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `cairn sync --apply` command installs package-owned Claude hooks and registers them in the user's Claude settings. The SessionEnd hook can send a transcript to a user-configured LLM endpoint and stage extracted memory locally. No install-time execution or unconsented foreign control-surface mutation was found.
Decision evidence
public snapshot- `scripts/sync-claude-assets.sh` copies hooks into `~/.claude` and registers them in `settings.json` when `cairn sync --apply` is run.
- `claude/hooks/memory-capture.sh` automatically submits a session transcript to the configured `CAIRN_LLM_API_URL` extraction endpoint at SessionEnd.
- `mcp-memory-server/dist/index.js` can expose memory tools by HTTP when explicitly enabled with environment variables.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Agent configuration mutation is confined to the explicit `sync --apply` command; normal installation only exposes `bin/cairn`.
- LLM and embedding endpoints are user-configured environment values; no hard-coded external collection host was found.
- HTTP mode defaults to localhost and refuses startup without `CAIRN_MEMORY_HTTP_TOKEN`.
- Subprocess calls use fixed commands/argument arrays for git or configured explicit binaries; no eval or shell-string remote execution found.
- All inspected shipped files are text source/templates; no opaque binary or staged payload was found.
Source & flagged code
3 flagged · loading sourcePackage source references weak cryptographic algorithms.
mcp-memory-server/dist/explore-cache.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
claude/hooks/memory-wakeup.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/probe-memory-server.mjsView on unpkg