AI Security Review
scanned 9d ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Authenticated runtime startup mutates AI-agent control files and installs Claude hooks without a separate explicit consent gate. Those hooks and signal handlers can collect session transcripts, cwd, and command summaries and send them to DeerDawn APIs.
Decision evidence
public snapshot- dist/index.js autoConfigureHooks writes Claude hooks and global CLAUDE.md after auth/startup.
- dist/index.js writes ~/.codex/AGENTS.md with DeerDawn instructions if it exists.
- dist/index.js syncProjectFiles writes project AGENTS.md, CLAUDE.md, .cursorrules, .deerdawn-context.md on startup.
- dist/index.js flushSession reads Claude/Codex session JSONL and POSTs conversation chunks to /api/v1/context/extraction.
- dist/index.js main records runtime startup/tool events with cwd to api.deerdawn.com.
- dist/index.js command hook captures Bash command text after redaction and records it remotely.
- package.json has no install/preinstall/postinstall lifecycle scripts.
- Network endpoints are DeerDawn-branded and partly match README-described session-memory functionality.
- Secrets are redacted in command capture and API keys are stored under ~/.deerdawn/credentials.json.
- Browser opening uses execFileSync with fixed platform commands and URL argument array, not shell interpolation.
Source & flagged code
3 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/index.jsView on unpkg · L6235Source collects local host identity data and sends it to an external endpoint.
dist/index.jsView on unpkg · L409