registry  /  @lonely9206/cc-hooks  /  0.2.61

@lonely9206/cc-hooks@0.2.61

Claude Code hooks for logging prompts and file changes

Static Scan Results

scanned 13d ago · by rust-scanner

Static analysis flagged 13 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 20 file(s), 878 KB of source, external domains: 192.168.1.224, bugzilla.mozilla.org, en.wikipedia.org, encoding.spec.whatwg.org, example.test, github.com, hackerone.com, icu-project.org, me.abelcheung.org, moztw.org, source.icu-project.org, www.google.com, www.haible.de, www.khngai.com, www.ogcio.gov.hk, www.unicode.org, www.w3.org, www8.plala.or.jp

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.jsView file
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.jsView on unpkg · L104
8840L8841: module.exports = eval("require")("supports-color"); L8842:
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L8840
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L104

Findings

2 High3 Medium8 Low
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License