AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs the package CLI, notably no-flag legacy mode, `--init`, or `--hooks`.
Impact
Changes AI-agent command/configuration surfaces and can affect later Claude Code sessions.
Mechanism
Explicit CLI writes Claude Code commands, project agent files, and an optional PreToolUse hook.
Rationale
The package is not concretely malicious, but it intentionally mutates Claude Code control surfaces through explicit user commands, including a legacy global mode. Per policy this is a warn-level AI-agent capability risk rather than a publish-block event.
Evidence
package.jsonbin/index.jshooks/data-guard.jsscripts/init.shscripts/upgrade.sh~/.claude/commands/*.md.claude/commands/*.md.agent/**.claude/hooks/data-guard.js.claude/settings.json
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `bin/index.js` copies commands to `~/.claude/commands/` when invoked without flags.
- `--init` writes package content into project `.agent/` and `.claude/commands/`.
- Explicit `--hooks` copies a hook and modifies `.claude/settings.json`.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- All agent-control writes require an explicit CLI invocation or option.
- `hooks/data-guard.js` blocks access to credential-like paths; no harvesting or exfiltration found.
- No network client, encoded payload, eval, native loader, or hidden persistence found in inspected code.
Behavioral surface
ChildProcessDynamicRequireFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcecore/hooks/data-guard.jsView file
15L16: const readline = require('readline');
L17:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
core/hooks/data-guard.jsView on unpkg · L15scripts/init.shView file
•path = scripts/init.sh
kind = build_helper
sizeBytes = 1962
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
scripts/init.shView on unpkgFindings
3 Medium4 Low
MediumDynamic Requirecore/hooks/data-guard.js
MediumShips Build Helperscripts/init.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings