AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `cafekit` invocation installs project-local Claude/OpenCode agent files. Optional RTK setup downloads and executes a third-party installer, then registers a global Claude hook. Shipped browser tools can execute user-supplied page JavaScript and inject user-provided authentication data.
Decision evidence
public snapshot- `bin/phases/setup-rtk.js` opt-in path pipes a remote GitHub script to `sh` and runs `rtk init -g`.
- `src/claude/skills/chrome-devtools/scripts/evaluate.js` evaluates caller-supplied JavaScript in a browser page.
- `src/claude/hooks/usage.cjs` reads Claude OAuth credentials and sends them only to Anthropic's usage API.
- The explicit installer writes Claude/OpenCode runtime, hooks, and settings into the invoking project.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `bin/install.js` is an explicit `cafekit` CLI entrypoint, not import-time execution.
- RTK setup requires `--with-rtk` or an interactive confirmation.
- Credential use is package-aligned: the hook fetches usage data from Anthropic and caches it locally; no third-party exfiltration was found.
- `src/claude/hooks/privacy-block.cjs` blocks AI-tool access to common secret-file patterns pending user approval.
- No binary payloads or hidden executable artifacts were found in the inspected package files.
Source & flagged code
7 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
src/claude/skills/chrome-devtools/scripts/evaluate.jsView on unpkg · L32Package source references weak cryptographic algorithms.
src/claude/hooks/state.cjsView on unpkg · L23Package ships non-JavaScript build or shell helper files.
src/claude/skills/ui-ux-pro-max/scripts/design_system.pyView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
src/claude/skills/devops/scripts/tests/test_docker_optimize.pyView on unpkgHardcoded password in src/claude/skills/backend-development/references/backend-testing.md
src/claude/skills/backend-development/references/backend-testing.mdView on unpkg · L60Hardcoded password in src/claude/skills/web-testing/references/api-testing.md
src/claude/skills/web-testing/references/api-testing.mdView on unpkg · L13Hardcoded password in src/claude/skills/web-testing/references/load-testing-k6.md
src/claude/skills/web-testing/references/load-testing-k6.mdView on unpkg · L54