AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package deliberately provides an AI-agent event notifier and authenticated remote-terminal server. Hook activation requires project/user configuration; persistence requires an explicit CLI subcommand. No unconsented install-time mutation or covert exfiltration was confirmed.
Decision evidence
public snapshot- `package.json` ships `.claude/settings.json`, which installs Claude hooks when this project is used.
- `.claude/hooks/notifier.cjs` reads agent event JSON and forwards it to configured local/remote Shooter `/api/notify`.
- `bin/shooter.cjs` can create user LaunchAgent/systemd persistence, but only through explicit `shooter autostart on`.
- `package.json` postinstall only runs `node-gyp rebuild` for declared native dependencies.
- No lifecycle script invokes the CLI, setup, autostart, hooks, or external network operations.
- `.claude/hooks/codex-hooks.example.json` is an explicit copy-and-edit example, not an install-time writer.
- Reported `build/server/index.js` global `Proxy` is bundled WebContainer/Svelte compatibility code, not network interception.
- Notifier defaults to `http://localhost:54007`; remote host is supplied by the user via `SHOOTER_API_URL`.
- Source auth protects terminal and API control paths with an API key.
Source & flagged code
13 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgManifest entrypoint contains risky behavior absent from dist/build output.
bin/shooter.cjsView on unpkg · L9Package source invokes a package manager install command at runtime.
bin/shooter.cjsView on unpkg · L973Package source references dynamic require/import behavior.
bin/shooter.cjsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
bin/shooter.cjsView on unpkg · L9Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.
build/server/index.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
scripts/install.shView on unpkgPackage ships compressed or archive-like blobs.
build/client/sw.js.gzView on unpkgPackage ships high-entropy non-source blobs.
build/client/_app/immutable/nodes/11.CJoYnv7W.js.brView on unpkg