AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI-agent hook manager with explicit commands that register first-party hooks into agent settings. Risk is lifecycle/control-surface extension when a user invokes setup, not malicious install-time hijack.
Decision evidence
public snapshot- package.json has postinstall creating $HOME/.hasna/hooks/profiles.
- bin/index.js install command can write ~/.claude/settings.json or .claude/settings.json with hooks run entries.
- bin/index.js supports explicit Codewith config writes only with --apply-codewith and --codewith-config.
- hooks/hook-knowledge-context/src/hook.ts spawns configurable local knowledge command during hook events.
- hooks/hook-autoformat/src/hook.ts runs local formatters/bunx after Edit/Write events.
- No install-time mutation of ~/.claude, ~/.gemini, or ~/.codewith settings found.
- Agent config mutation is under explicit hooks install/MCP setup commands, not npm postinstall.
- Codewith default install returns a TOML fragment and refuses default ~/.codewith writes.
- Knowledge hook redacts secrets, bounds query/output, and does not call network APIs directly.
- No credential harvesting, hidden remote payload download, destructive lifecycle script, or exfiltration endpoint found.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
bin/index.jsView on unpkg · L52Package source invokes a package manager install command at runtime.
hooks/hook-autoformat/src/hook.tsView on unpkg · L8This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/hook-knowledge-context/src/hook.tsView on unpkg