AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package can install first-party Claude Code hooks and optional user-approved macOS launchd scheduling through explicit CLI setup. Those hooks record AI-assistant telemetry locally and may forward configured telemetry to New Relic.
Decision evidence
public snapshot- `dist/install/cli.js` exposes explicit install/uninstall commands that modify assistant settings.
- `dist/install/setup-wizard.js` prompts before installing Claude hooks and optional macOS launchd persistence.
- `dist/hooks/collector-script.js` collects hook metadata/transcript token usage into `~/.newrelic-preflight`.
- `dist/index.js` starts New Relic ingest only in non-local configured modes.
- `dist/config.js` defaults configured cloud telemetry to `https://otlp.nr-data.net`.
- `dist/digest/digest-sender.js` can POST a user-supplied Slack digest to `hooks.slack.com`.
- `package.json` has no preinstall/install/postinstall hook; its only lifecycle hook is `prepare: husky || true`.
- Hook/config mutations are reached through explicit `preflight install` or interactive `setup`, not package import.
- `dist/install/json-utils.js` rejects writes outside HOME, cwd, or an allowed storage base.
- `dist/security/ssrf.js` blocks loopback, private, and cloud-metadata destinations.
- `dist/hooks/collector-script.js` redacts common credential formats and defaults content recording off.
- No eval/vm payload loading, covert exfiltration, or foreign broad agent-control mutation was confirmed.
Source & flagged code
7 flagged · loading sourcePackage source references child process execution.
dist/install/schedule.jsView on unpkg · L1Package source references weak cryptographic algorithms.
dist/hooks/subagent-watcher.jsView on unpkg · L95Source writes installer persistence such as shell profile or service configuration.
dist/install/setup-wizard.jsView on unpkg · L23Source reaches cloud instance metadata or link-local credential endpoints.
dist/security/ssrf.jsView on unpkg · L1Package source invokes a package manager install command at runtime.
dist/install/cli.jsView on unpkg · L396This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg