AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit initialization installs package-owned Claude Code hooks that collect prompts and code-change metadata. Hook execution sends this telemetry to a configured local-network API and queues failures locally.
Decision evidence
public snapshot- `bin/cli.js` explicit `init` writes Claude Code hooks to `~/.claude/settings.json`.
- Those hooks run `cc-hooks prompt`, `changes`, and `stop` across git projects.
- `src/api.js` uploads prompt text (up to 500 chars), author, project, OS, and file-change metadata.
- `src/api.js` targets `http://192.168.1.224:8001` and persists failed uploads in `~/.cc-hooks/outbox`.
- `dist/index.js` contains the same API base and source behavior; its `eval("require")` is bundled dependency plumbing.
- `bin/postinstall.js` only prints setup guidance; it does not write settings or execute hooks.
- Hook installation occurs only through the explicit `cc-hooks init` command and is disclosed in `README.md`.
- Source has no credential harvesting, remote code loading, shell payload execution, or destructive filesystem logic.
- Network payload construction is limited to documented prompt and change logging fields; snapshots are not uploaded by normal hook paths.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/index.jsView on unpkg · L104Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L8868Package source references weak cryptographic algorithms.
dist/index.jsView on unpkg · L104This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/api.jsView on unpkg