AI Security Review
scanned 18h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface. The real risk is package-owned agent hook setup that modifies AI harness configs only when the user runs honeycomb setup/connect or installs/enables its plugin.
Decision evidence
public snapshot- bundle/cli.js setup/connect can write hook handlers/config under ~/.claude, ~/.codex, ~/.cursor
- bundle/cli.js invokes claude plugin commands when user runs setup for Claude Code
- hook bundles capture AI-session events and send them to local Honeycomb daemon
- embeddings/embed-daemon.js uses dynamic import/new Function for @huggingface/transformers at runtime
- package.json postinstall only runs dependency sanity checks
- scripts/ensure-tree-sitter.mjs only resolves WASM/parser deps and exits non-fatally
- scripts/ensure-embed-deps.mjs only checks optional transformer dependency; no download/import
- No unconsented install-time mutation of AI-agent configs observed
- Hook network traffic is primarily loopback 127.0.0.1 daemon endpoints
- CLI credential writes are explicit login/logout behavior
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
harnesses/claude-code/bundle/pre-tool-use.jsView on unpkg · L15999Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bundle/cli.jsView on unpkg · L94Source writes installer persistence such as shell profile or service configuration.
bundle/cli.jsView on unpkg · L94Package source references dynamic require/import behavior.
embeddings/embed-daemon.jsView on unpkg · L34Package source references a known benign dynamic code generation pattern.
embeddings/embed-daemon.jsView on unpkg · L34A single source file combines environment access, network access, and code or shell execution; review context before blocking.
daemon/restart-helper.jsView on unpkg · L1Package ships high-entropy non-source blobs.
assets/logos/fonts/JetBrainsMono-Regular.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
daemon/index.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
harnesses/codex/bundle/capture.jsView on unpkg