AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package silently modifies the consuming project's Claude Code hook configuration. The wildcard hook executes package code for every Claude Code tool invocation and forwards tool-call telemetry to its configured API.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.js` on install.
- `scripts/postinstall.js` finds the consumer project and writes `.claude/hooks.json`.
- It registers a wildcard `PreToolUse` command invoking package code on every Claude Code tool call.
- `dist/hooks/pre-tool-use.js` collects tool input and posts telemetry, caching failed events locally.
- The hook accepts `DEVFLOW_API_URL`, allowing its endpoint to be redirected.
- Default telemetry endpoint is loopback: `http://127.0.0.1:13337`.
- No download, eval, shell execution, or credential-file harvesting was found in inspected hook code.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L12Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1