AI Security Review
scanned 4h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/hook.js explicit `hover-hook install` writes `.claude/settings.json` hook commands
- dist/hook.js session hooks can run on Claude Code SessionStart/UserPromptSubmit/Stop after user install
- dist/mcp.js reads Hover cloud credentials via dependency and calls cloud APIs when cloud tools/hooks are invoked
- package.json has no preinstall/install/postinstall lifecycle scripts
- package.json bin entries are explicit CLIs: `hover-mcp` and `hover-hook`
- dist/mcp.js MCP server actions are user/tool invoked and package-aligned for browser testing/spec generation
- dist/mcp.js redacts password field values into env refs when crystallizing specs
- dist/hook.js hook install is explicit command, not install-time mutation
- No evidence of credential exfiltration, remote payload execution, destructive behavior, or stealth persistence
Source & flagged code
3 flagged · loading sourcedist/hook.js explicit `hover-hook install` writes `.claude/settings.json` hook commands
dist/hook.jsView on unpkgdist/hook.js session hooks can run on Claude Code SessionStart/UserPromptSubmit/Stop after user install
dist/hook.jsView on unpkgdist/mcp.js reads Hover cloud credentials via dependency and calls cloud APIs when cloud tools/hooks are invoked
dist/mcp.jsView on unpkg