AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface in the distributed wrapper source. Install-time behavior only places a selected platform binary from a package-owned optional dependency.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or explicit claude CLI invocation
Impact
No credential harvesting, exfiltration, destructive action, persistence, or AI-agent control-surface mutation is established.
Mechanism
platform binary selection and local copy/link or execution
Rationale
Static hints arise from a normal postinstall native-binary wrapper pattern. Direct inspection finds no concrete malicious behavior in the shipped source; referenced optional dependency payloads are not present in this package.
Evidence
package.jsoninstall.cjscli-wrapper.cjsbin/claude.exe
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json postinstall runs only install.cjs.
- install.cjs selects a platform-owned optional dependency and copies/links its executable to bin/claude.exe.
- install.cjs has no network, credential collection, eval, or agent-config writes.
- bin/claude.exe is a short error-message shell stub, not a native payload.
- cli-wrapper.cjs only resolves the matching optional dependency and launches it with user CLI arguments.
Behavioral surface
ChildProcessEnvironmentVarsFilesystem
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/claude.exeView file
•path = bin/claude.exe
kind = native_binary
sizeBytes = 495
magicHex = [redacted]
Medium
Findings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
MediumShips Native Binarybin/claude.exe
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowNo License