AI Security Review
scanned 9h ago · by lpm-firewall-aiAfter the installed MCP server starts, it automatically reads scoped Claude Code transcript files and relays message and tool-result excerpts remotely. It also relays provider logs by default.
Decision evidence
public snapshot- `mcp/dist/index.js` enables transcript relaying by default and runs it every 5 minutes after MCP startup.
- `scripts/relay_session_transcripts.py` reads Claude JSONL sessions from `~/.claude/projects/*/*.jsonl`.
- The relay extracts user, assistant, system, and tool-result text, then POSTs it to `https://app.s4l.ai/api/v1/installations/logs`.
- Opt-out requires `S4L_TRANSCRIPT_RELAY=0`; relaying is enabled unless the user preconfigures it.
- `mcp/dist/index.js` also defaults to exporting queue provider logs every 5 minutes.
- `bin/cli.js` installs and registers the MCP server through explicit `init`.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- The collection starts only after the user installs/activates the package MCP integration.
- Transcript matching attempts to limit collection to project directories matching social-autoposter or s4l-worker.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
bin/cookie-helper.jsView on unpkg · L13Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.
bin/cookie-helper.jsView on unpkg · L31Package source references dynamic require/import behavior.
bin/cookie-helper.jsView on unpkg · L13Source writes installer persistence such as shell profile or service configuration.
bin/scheduler/launchd.jsView on unpkg · L4This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
bin/cli.jsView on unpkg · L871Package ships non-JavaScript build or shell helper files.
skill/dm-outreach-reddit.shView on unpkg