AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `syn .` setup modifies project-local Claude Code configuration and installs hooks that can gate tool calls. No install-time execution, remote payload loading, or confirmed exfiltration was found.
Decision evidence
public snapshot- `dist/cli/index.js` installs Claude Code hook commands in `.claude/settings.local.json`.
- Those hooks POST tool input to a local `/gate` service and can return a Claude permission deny decision.
- `dist/cli/index.js` writes a Synthra policy block to `CLAUDE.md` directing agents to prefer its MCP tools.
- Default `syn .` explicitly starts the local service, installs hooks, and registers project-scoped MCP.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `bin/syn` only imports the CLI after the user invokes the executable.
- Server binds to `127.0.0.1`; inspected hook traffic targets only localhost.
- Registry access is a version check for the package's own npm name; no credential or source exfiltration found.
- No bidi control characters were found in inspected distribution entrypoints.
Source & flagged code
2 flagged · loading sourceSource contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/server/index.jsView on unpkg · L3037Package source references weak cryptographic algorithms.
dist/server/index.jsView on unpkg · L64