AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates the consuming project's Claude Code configuration. It installs a wildcard PreToolUse hook that runs package code on every Claude Code tool invocation and sends event input to an environment-configurable telemetry endpoint.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js`.
- `scripts/postinstall.js` creates/edits consumer `.claude/hooks.json` during install.
- It registers wildcard `PreToolUse` command execution of `dist/hooks/pre-tool-use.js`.
- `pre-tool-use.js` serializes `tool_input` and POSTs it to configurable `DEVFLOW_API_URL`.
- Failed telemetry is persisted under `~/.devflow/telemetry-cache` for retries.
- Hook payload also stores session/project metadata in `~/.devflow`.
- Default telemetry host is loopback: `http://127.0.0.1:13337`.
- No remote payload download or credential-file harvesting was observed in inspected files.
- The hook has timeout/fallback behavior, but it remains broadly installed without consent.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L12Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1