AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package can install first-party Claude Code skills into a consumer project when the user runs CLI skill/upgrade commands. No install-time mutation, exfiltration, or remote payload execution was confirmed.
Decision evidence
public snapshot- src/commands/skills.ts copies bundled skills into ./.claude/skills on explicit `hogsend skills add`.
- src/commands/upgrade.ts refreshes .claude skills while upgrading @hogsend deps, after prompt or --json/--yes.
- src/lib/skills.ts uses cpSync/writeFileSync to create .claude/skills and .claude/.hogsend-skills.json.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- src/bin.ts only dispatches user-invoked CLI commands; no import-time command execution found.
- src/lib/http.ts sends requests to user-configured Hogsend baseUrl with bearer auth for CLI API operations.
- src/lib/connect-flow.ts stores PostHog OAuth tokens only to the configured Hogsend instance admin endpoint.
- src/commands/dev.ts/setup.ts child_process usage runs expected local dev/setup commands in user-selected cwd.
- High-entropy blobs are font/static studio assets, not executable payloads.
Source & flagged code
17 flagged · loading sourceSource executes local commands and sends command output to an external endpoint.
dist/bin.jsView on unpkg · L54A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/bin.jsView on unpkg · L54Package source references dynamic require/import behavior.
dist/bin.jsView on unpkg · L2988Package source invokes a package manager install command at runtime.
src/commands/dev.tsView on unpkg · L211Package ships high-entropy non-source blobs.
studio/assets/inter-greek-wght-normal-CkhJZR-_.woff2View on unpkgHardcoded password in src/__tests__/hatchet-token.test.ts
src/__tests__/hatchet-token.test.tsView on unpkg · L80Hardcoded password in src/__tests__/hatchet-token.test.ts
src/__tests__/hatchet-token.test.tsView on unpkg · L114Hardcoded password in src/__tests__/hatchet-token.test.ts
src/__tests__/hatchet-token.test.tsView on unpkg · L137Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L116Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L140Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L142Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L149Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L154Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L172Hardcoded password in src/__tests__/admin-recovery.test.ts
src/__tests__/admin-recovery.test.tsView on unpkg · L180