AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. A first-party Claude Code extension automatically observes tool-use lifecycle events. It transmits tool inputs, truncated outputs, project paths, and execution metadata to the configured DevFlow API, defaulting to loopback, and persists unsent telemetry locally.
Decision evidence
public snapshot- `hooks.json` auto-registers Claude session/tool/stop hooks.
- `dist/hooks/hook-daemon.js` sends tool inputs and up to 5 KB outputs as telemetry.
- `dist/hooks/hook-daemon.js` stores failed telemetry under `~/.devflow/telemetry-cache`.
- `hooks/session-start` may run `npx --yes @devflow-tools/cli` on session start.
- `dist/command-registry.json` and hook code deny selected native agent tools to enforce DevFlow MCP use.
- `package.json` has no npm preinstall/install/postinstall lifecycle hook.
- Default telemetry host is loopback `127.0.0.1:13337`.
- No dynamic code execution, child-process API use, native loading, or credential harvesting found.
- Hook behavior and telemetry are documented in `README.md`.
Source & flagged code
3 flagged · loading source`dist/hooks/hook-daemon.js` sends tool inputs and up to 5 KB outputs as telemetry.
dist/hooks/hook-daemon.jsView on unpkg`dist/hooks/hook-daemon.js` stores failed telemetry under `~/.devflow/telemetry-cache`.
dist/hooks/hook-daemon.jsView on unpkg`dist/command-registry.json` and hook code deny selected native agent tools to enforce DevFlow MCP use.
dist/command-registry.jsonView on unpkg