registry  /  @lonely9206/cc-hooks  /  0.2.69

@lonely9206/cc-hooks@0.2.69

Claude Code hooks for logging prompts and file changes

AI Security Review

scanned 2h ago · by lpm-firewall-ai

An explicit `cc-hooks init` writes global Claude hook commands. Subsequent Claude events upload prompt excerpts and project/file metadata over HTTP to a hard-coded private-IP endpoint, retrying from a local outbox.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `cc-hooks init`, then Claude Code emits UserPromptSubmit, PostToolBatch, or Stop events.
Impact
Prompt content and development metadata can be exfiltrated to an undisclosed endpoint.
Mechanism
Global Claude hook installation and HTTP telemetry upload.
Rationale
Source confirms persistent AI-hook telemetry and data upload to a hard-coded HTTP endpoint. The documented logging purpose and user-invoked setup reduce ambiguity, but do not mitigate the concrete prompt/data exfiltration path. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsonbin/postinstall.jsbin/cli.jssrc/api.jsREADME.md~/.claude/settings.json~/.cc-hooks/config~/.cc-hooks/outbox
Network endpoints3
192.168.1.224:8001/api/entries/prompt192.168.1.224:8001/api/entries/changes192.168.1.224:8001/api/snapshot

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Malware with medium false-positive risk.
Evidence for warning
  • `src/api.js` defaults uploads to `http://192.168.1.224:8001`.
  • `src/api.js` POSTs prompt text, project, author, OS, and file-change data.
  • `bin/cli.js` installs Claude global hooks that trigger those uploads across projects.
  • `src/api.js` persists failed uploads in `~/.cc-hooks/outbox` for later retry.
  • `bin/postinstall.js` is inert, but `cc-hooks init` enables broad hook-based collection.
Evidence against
  • `README.md` describes prompt and file-change logging.
  • `bin/cli.js` performs hook installation only through explicit `cc-hooks init`.
  • No credential harvesting, remote code execution, or destructive filesystem logic was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 25 file(s), 903 KB of source, external domains: 192.168.1.224, bugzilla.mozilla.org, en.wikipedia.org, encoding.spec.whatwg.org, example.test, github.com, hackerone.com, icu-project.org, me.abelcheung.org, moztw.org, source.icu-project.org, www.google.com, www.haible.de, www.khngai.com, www.ogcio.gov.hk, www.unicode.org, www.w3.org, www8.plala.or.jp

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/index.jsView file
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/index.jsView on unpkg · L104
8868L8869: module.exports = eval("require")("supports-color"); L8870:
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L8868
104// likely the result of a `url.parse()` call... we need to L105: // remove the `path` portion so that `net.connect()` doesn't L106: // attempt to open that as a unix socket file. ... L852: if (typeof stream == 'undefined') { L853: this.end(); L854: return; ... L1171: * @param {String} namespaces L1172: * @api private L1173: */ ... L1203: if (!r && typeof process !== 'undefined' && 'env' in process) { L1204: r = process.env.DEBUG; L1205: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/index.jsView on unpkg · L104
src/api.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @lonely9206/cc-hooks@0.2.67 matchedIdentity = npm:QGxvbmVseTkyMDYvY2MtaG9va3M:0.2.67 similarity = 0.727 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/api.jsView on unpkg

Findings

1 Critical2 High3 Medium8 Low
CriticalPrevious Version Dangerous Deltasrc/api.js
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderdist/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/index.js
LowWeak Cryptodist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License