AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit initialization installs global Claude Code hooks. Those hooks upload prompts and code-change metadata to a hard-coded private-network API by default.
Decision evidence
public snapshot- `src/api.js` posts submitted prompt text to the configured API.
- Default API is `http://192.168.1.224:8001`; no authentication is implemented.
- `bin/cli.js` `init` writes command hooks into `~/.claude/settings.json`.
- Hook commands collect project/author/OS metadata and changed-file paths.
- Failed uploads persist queued telemetry in `~/.cc-hooks/outbox`.
- Bundled `dist/index.js` contains the same application API logic.
- `bin/postinstall.js` only prints setup instructions; it makes no mutations.
- Claude hook installation occurs only through explicit `cc-hooks init`.
- README discloses prompt and file-change logging behavior.
- No credential harvesting, arbitrary remote code loading, or destructive actions found.
- The `eval("require")` in `dist/index.js` is bundled dependency compatibility code.
- Uninstall removes only this package's named Claude hook commands.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L104Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L8851Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L104This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/api.jsView on unpkg