AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This is an AI-agent hook manager with explicit commands/MCP tools to register hooks into agent settings and run hook scripts. Risk is lifecycle/control-surface extension, but activation is user-invoked rather than npm install-time hijack.
Decision evidence
public snapshot- package.json has postinstall lifecycle script creating $HOME/.hasna/hooks/profiles.
- bin/index.js explicit `hooks install` writes Claude/Gemini hook commands into settings.json.
- bin/index.js exposes MCP tools that can install/update/disable hooks and run hook scripts.
- hooks include user-configured outbound notification/storage features and hook event logging.
- postinstall only runs mkdir for package-owned profile directory; no agent settings mutation at npm install time.
- Codewith install is fragment-only by default and direct write requires explicit --codewith-config path.
- Network use is package-aligned: npm registry checks, user-configured webhooks/ntfy, and env-configured PostgreSQL.
- No hardcoded credential theft, stealth persistence, remote payload download/execute, or destructive install behavior found.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
bin/index.jsView on unpkg · L52Package source invokes a package manager install command at runtime.
hooks/hook-autoformat/src/hook.tsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/hook-knowledge-context/src/hook.tsView on unpkg