AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit integration setup persists KitCode hooks and skills in Codex/Claude user configuration. The hook runs local KitCode code for prompt submissions and emits reward context; no remote payload or data-exfiltration chain was confirmed.
Decision evidence
public snapshot- `codex on` and `claude on` write prompt-hook configs under user home directories.
- Installed hooks invoke the package runner on every `UserPromptSubmit`.
- Installation also writes agent `SKILL.md` files that direct agent command execution.
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- Agent integration is activated only by explicit `kitcode codex|claude on` commands.
- Reviewed network use is a local health/API server; no credential collection or exfiltration found.
- Child processes open URLs, Electron windows, notifications, or the package's own tracker.
Source & flagged code
4 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/kitcode.mjsView on unpkg · L232This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/kitcode.mjsView on unpkg