AI Security Review
scanned 18h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The meaningful risk is explicit user-command setup of first-party AI assistant hooks and plugin registration for Honeycomb memory capture/recall.
Decision evidence
public snapshot- bundle/cli.js explicit setup/connect can wire Claude/Codex/Cursor hooks under user assistant config dirs
- bundle/cli.js Claude connector can run `claude plugin marketplace add/install/enable honeycomb`
- harnesses/claude-code/hooks/hooks.json defines hook commands that execute bundled Honeycomb handlers
- embeddings/embed-daemon.js lazily downloads/loads HuggingFace model via @huggingface/transformers at runtime
- package.json postinstall only runs local dependency presence checks
- scripts/ensure-tree-sitter.mjs checks installed WASM grammar files and exits non-fatally
- scripts/ensure-embed-deps.mjs only require.resolve checks optional dependency; no import/download
- Assistant hook/config mutation is under explicit CLI setup/connect/uninstall paths, not npm install-time
- SDK and hook bundles target local daemon endpoints and package-aligned APIs; no credential harvesting found
- Config uninstall paths filter/remove Honeycomb-owned entries while preserving foreign hooks
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references child process execution.
harnesses/claude-code/bundle/pre-tool-use.jsView on unpkg · L16133This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bundle/cli.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bundle/cli.jsView on unpkg · L132Source writes installer persistence such as shell profile or service configuration.
bundle/cli.jsView on unpkg · L132Package source references dynamic require/import behavior.
embeddings/embed-daemon.jsView on unpkg · L34Package source references a known benign dynamic code generation pattern.
embeddings/embed-daemon.jsView on unpkg · L34A single source file combines environment access, network access, and code or shell execution; review context before blocking.
daemon/restart-helper.jsView on unpkg · L1Package ships high-entropy non-source blobs.
assets/logos/fonts/JetBrainsMono-Regular.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
daemon/index.jsView on unpkg