registry  /  @lonely9206/cc-hooks  /  0.2.57

@lonely9206/cc-hooks@0.2.57

Claude Code hooks for logging prompts and file changes

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface; the package is a disclosed Claude Code telemetry hook tool. It collects prompts and code-change metadata after user initialization and sends them to a configured or default internal API.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs cc-hooks init, then Claude Code UserPromptSubmit/PostToolBatch hooks invoke cc-hooks prompt/changes.
Impact
Prompt text, project/user/OS/version data, file paths, line counts, and snapshot metadata may be uploaded to the configured API.
Mechanism
documented Claude Code hook telemetry and local retry queue
Rationale
The risky behavior is aligned with the package's stated purpose and is activated by explicit CLI initialization, while install-time behavior is only informational. I found no stealth credential/file exfiltration, hidden payload loader, or unconsented lifecycle mutation of Claude settings.
Evidence
package.jsonbin/postinstall.jsbin/cli.jssrc/api.jssrc/fileTracker.jssrc/doctor.jssrc/logger.jssrc/localLogs.jssrc/hookPayload.jsREADME.mddist/index.js~/.claude/settings.json~/.cc-hooks/config~/.cc-hooks/outbox/*.json~/.cc-hooks/cache/hooks-YYYY-MM-DD.jsonl~/.cc-hooks/logs/cc-hooks-YYYY-MM-DD.log
Network endpoints5
192.168.1.224:8001${CC_HOOKS_API_URL}/api/entries/prompt${CC_HOOKS_API_URL}/api/entries/changes${CC_HOOKS_API_URL}/api/snapshot${CC_HOOKS_API_URL}/health

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • src/api.js posts prompt text and file-change metadata/snapshots to API_BASE.
  • Default API_BASE is http://192.168.1.224:8001 unless CC_HOOKS_API_URL overrides it.
  • bin/cli.js init writes Claude Code hooks into ~/.claude/settings.json.
  • bin/cli.js update runs npm view/npm install -g, but only on explicit cc-hooks update.
Evidence against
  • package.json postinstall only prints setup instructions; it does not mutate files or run network code.
  • README.md clearly describes recording prompts, file changes, initialization paths, and hook triggers.
  • Hook installation is user-invoked via cc-hooks init, not install-time.
  • src/fileTracker.js filters ignored/build/cache/dependency paths and records metadata, not file contents.
  • No credential harvesting, persistence beyond documented hooks, destructive behavior, or hidden import-time execution found.
  • dist/index.js appears to be an ncc bundle of dependencies/source; suspicious string tables are iconv-lite data.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 17 file(s), 864 KB of source, external domains: 192.168.1.224, bugzilla.mozilla.org, en.wikipedia.org, encoding.spec.whatwg.org, example.test, github.com, hackerone.com, icu-project.org, me.abelcheung.org, moztw.org, source.icu-project.org, www.google.com, www.haible.de, www.khngai.com, www.ogcio.gov.hk, www.unicode.org, www.w3.org, www8.plala.or.jp

Source & flagged code

7 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/cli.jsView file
7const os = require('os'); L8: const { execFileSync } = require('child_process'); L9: const { renderTodayLogs } = require('../src/localLogs');
High
Child Process

Package source references child process execution.

bin/cli.jsView on unpkg · L7
326console.log('正在更新...'); L327: execSync('npm install -g @lonely9206/cc-hooks', { stdio: 'inherit' }); L328: console.log('✅ 更新完成!');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli.jsView on unpkg · L326
dist/index.jsView file
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.jsView on unpkg · L104
8806L8807: module.exports = eval("require")("supports-color"); L8808:
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L8806
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L104
src/api.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @lonely9206/cc-hooks@0.2.61 matchedIdentity = npm:QGxvbmVseTkyMDYvY2MtaG9va3M:0.2.61 similarity = 0.647 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/api.jsView on unpkg

Findings

1 Critical5 High3 Medium8 Low
CriticalPrevious Version Dangerous Deltasrc/api.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/cli.js
HighShell
HighObfuscated Payload Loaderdist/index.js
HighRuntime Package Installbin/cli.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License