AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup installs this package's command as Claude Code hooks. Runtime hook handling captures Claude session content and uploads telemetry only when configured with an API key.
Decision evidence
public snapshot- `dist/setup-2YTCJSH6.js` explicit `setup` writes hooks to `~/.claude/settings.json` or project `.claude/settings.json`.
- `hooks/hooks.json` invokes `dist/cli.js hook` for broad Claude lifecycle events.
- `dist/cli.js` reads hook JSON, captures prompts/tool activity, and flushes telemetry when an API key exists.
- `dist/index.js` sends protobuf spans with `x-api-key` to the configured endpoint; default is `https://ingest.neatlogs.com`.
- `dist/index.js` reads instruction files and transcript-related hook paths, retaining prompt, output, thinking, and tool-call fields.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Hook registration occurs only through the user-invoked `neatlogs-claude-code setup` command.
- No child-process execution, shell payload, eval/vm use, native loading, or remote code loading was found.
- The only network literal found is the package-aligned Neatlogs ingest endpoint.
Source & flagged code
5 flagged · loading source`dist/setup-2YTCJSH6.js` explicit `setup` writes hooks to `~/.claude/settings.json` or project `.claude/settings.json`.
dist/setup-2YTCJSH6.jsView on unpkg`hooks/hooks.json` invokes `dist/cli.js hook` for broad Claude lifecycle events.
hooks/hooks.jsonView on unpkg`dist/cli.js` reads hook JSON, captures prompts/tool activity, and flushes telemetry when an API key exists.
dist/cli.jsView on unpkg`dist/index.js` sends protobuf spans with `x-api-key` to the configured endpoint; default is `https://ingest.neatlogs.com`.
dist/index.jsView on unpkg`dist/index.js` reads instruction files and transcript-related hook paths, retaining prompt, output, thinking, and tool-call fields.
dist/index.jsView on unpkg