AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface; the package is a disclosed Claude Code telemetry hook tool. It collects prompts and code-change metadata after user initialization and sends them to a configured or default internal API.
Decision evidence
public snapshot- src/api.js posts prompt text and file-change metadata/snapshots to API_BASE.
- Default API_BASE is http://192.168.1.224:8001 unless CC_HOOKS_API_URL overrides it.
- bin/cli.js init writes Claude Code hooks into ~/.claude/settings.json.
- bin/cli.js update runs npm view/npm install -g, but only on explicit cc-hooks update.
- package.json postinstall only prints setup instructions; it does not mutate files or run network code.
- README.md clearly describes recording prompts, file changes, initialization paths, and hook triggers.
- Hook installation is user-invoked via cc-hooks init, not install-time.
- src/fileTracker.js filters ignored/build/cache/dependency paths and records metadata, not file contents.
- No credential harvesting, persistence beyond documented hooks, destructive behavior, or hidden import-time execution found.
- dist/index.js appears to be an ncc bundle of dependencies/source; suspicious string tables are iconv-lite data.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source invokes a package manager install command at runtime.
bin/cli.jsView on unpkg · L326Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L104Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L8806Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L104This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/api.jsView on unpkg