registry  /  @lonely9206/cc-hooks  /  0.2.59

@lonely9206/cc-hooks@0.2.59

Claude Code hooks for logging prompts and file changes

AI Security Review

scanned 13d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Claude Code hook logger that sends prompts and code-change metadata to a configured or default API endpoint after user setup.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs cc-hooks init, then Claude Code UserPromptSubmit/PostToolBatch hooks run cc-hooks prompt/changes.
Impact
Potential privacy exposure by design, but behavior is disclosed and package-aligned.
Mechanism
user-installed Claude hooks log prompts and file-change metadata
Rationale
The risky primitives are real, but they implement the advertised Claude Code logging workflow and require user-invoked initialization; install-time code only prints instructions. I found no credential harvesting, hidden payload execution, persistence beyond documented hooks, destructive behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonbin/postinstall.jsbin/cli.jssrc/api.jssrc/fileTracker.jssrc/hookPayload.jssrc/logger.jssrc/localLogs.jsREADME.md~/.claude/settings.json~/.cc-hooks/config~/.cc-hooks/outbox/*.json~/.cc-hooks/cache/hooks-YYYY-MM-DD.jsonl~/.cc-hooks/logs/cc-hooks-YYYY-MM-DD.log
Network endpoints4
192.168.1.224:8001${CC_HOOKS_API_URL}/api/entries/prompt${CC_HOOKS_API_URL}/api/entries/changes${CC_HOOKS_API_URL}/api/snapshot

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • src/api.js posts prompt text, author, OS, project and file-change metadata to API_BASE.
  • src/api.js default API_BASE is http://192.168.1.224:8001 unless CC_HOOKS_API_URL is set.
  • bin/cli.js init writes Claude Code hook commands into ~/.claude/settings.json.
  • src/api.js queues failed uploads under ~/.cc-hooks/outbox and local logs under ~/.cc-hooks/cache/logs.
Evidence against
  • package.json postinstall runs only bin/postinstall.js, which prints setup instructions and performs no file/network actions.
  • Hook installation is user-invoked via cc-hooks init and documented in README.md.
  • README.md describes prompt/file-change logging, local retry cache, and ~/.claude/settings.json mutation.
  • bin/cli.js uninstall removes only its own cc-hooks commands from Claude settings.
  • dist/index.js eval/Function matches bundled dependency/ncc patterns; source files do not contain hidden loader logic.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 19 file(s), 875 KB of source, external domains: 192.168.1.224, bugzilla.mozilla.org, en.wikipedia.org, encoding.spec.whatwg.org, example.test, github.com, hackerone.com, icu-project.org, me.abelcheung.org, moztw.org, source.icu-project.org, www.google.com, www.haible.de, www.khngai.com, www.ogcio.gov.hk, www.unicode.org, www.w3.org, www8.plala.or.jp

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.jsView file
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.jsView on unpkg · L104
8810L8811: module.exports = eval("require")("supports-color"); L8812:
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L8810
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L104
src/api.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @lonely9206/cc-hooks@0.2.56 matchedIdentity = npm:QGxvbmVseTkyMDYvY2MtaG9va3M:0.2.56 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

src/api.jsView on unpkg

Findings

1 Critical2 High3 Medium8 Low
CriticalPrevious Version Dangerous Deltasrc/api.js
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License