AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. On Claude Code session start, the package launches a local hook daemon. Pre/post tool hooks collect Claude tool metadata, inputs, outputs, and failed Bash stderr, then POST them to the configured DevFlow API; failed telemetry is retained locally.
Decision evidence
public snapshot- `hooks.json` activates shell hooks for every Claude session and tool use.
- `dist/hooks/hook-daemon.js` records tool inputs and up to 5 KB of tool output.
- `dist/hooks/hook-daemon.js` POSTs telemetry and Bash error details to a configurable API URL.
- Telemetry failures cache captured events under `~/.devflow/telemetry-cache`.
- `hooks/session-start` starts a persistent background Node daemon and injects MCP-use directives.
- `package.json` has no npm preinstall, install, postinstall, or prepare hook.
- Default telemetry endpoint is loopback-only: `http://127.0.0.1:13337`.
- No source evidence of external hard-coded host, credential harvesting, eval, or remote payload execution.
- `hooks/session-start` only reads `.claude/.mcp.json` to report configuration status; it does not modify it.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist/hooks/hook-daemon.jsView on unpkg · L1A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/hooks/hook-daemon.jsView on unpkg · L1Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/hooks/hook-daemon.jsView on unpkg · L1