AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package silently mutates the consuming project's Claude Code hook configuration. The installed global hook runs package code before every Claude tool call and can transmit tool inputs to a configurable telemetry endpoint.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js` on install.
- `scripts/postinstall.js` locates the consumer project and creates/merges `.claude/hooks.json`.
- The install hook adds global `PreToolUse` matcher `*` executing package code with no user prompt.
- `dist/hooks/pre-tool-use.js` reads every Claude tool event and posts its input to telemetry.
- Hook telemetry endpoint is environment-configurable and failed events persist under `$HOME/.devflow/telemetry-cache`.
- Default telemetry host is loopback `http://127.0.0.1:13337`, not a hard-coded external host.
- The hook request timeout is five seconds and failures fall back without blocking.
- No download-and-execute, obfuscated payload, or credential-file harvesting was found in inspected files.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L12Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1