AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is an AI-assistant observability CLI/MCP server with explicit setup commands that install hooks, store local telemetry, and optionally send telemetry to New Relic.
Decision evidence
public snapshot- User-invoked `preflight install` writes Claude Code hooks and MCP config via dist/install/cli.js and dist/install/install-helper.js.
- User-invoked schedule/setup can write macOS LaunchAgent plists via dist/install/schedule.js.
- Runtime collector reads Claude hook stdin/transcripts and writes local JSONL telemetry buffers in dist/hooks/collector-script.js.
- Configured cloud mode sends telemetry to New Relic ingest endpoints in dist/shared/transport/http-client.js.
- package.json lifecycle hook is only `prepare: husky || true`; no install-time package execution path observed.
- dist/index.js dispatches install/setup/schedule/update only as explicit CLI subcommands, not on import.
- Hook/MCP config mutation is package-aligned observability setup and removable via uninstall paths.
- Collector defaults avoid full content capture unless env/config enables it, applies redaction, and writes local buffers.
- Network endpoints are New Relic or user-provided collector/Slack webhook URLs tied to documented observability/digest features.
- Child process use is bounded to git/update, launchctl scheduling, WSL path resolution, or OS notification helpers.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/install/schedule.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
dist/install/setup-wizard.jsView on unpkg · L22This package version adds a dangerous source file absent from the previous stored version.
dist/install/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/install/cli.jsView on unpkg · L182