AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code mutates the global Claude Code control surface. It installs a statusline command into the user's global `~/.claude/settings.json` without an explicit user command or opt-in.
Decision evidence
public snapshot- `package.json` runs `src/scripts/global-install.js` as `postinstall`.
- `src/scripts/global-install.js` invokes `installGlobalStatusline()` without consent.
- `src/utils/hooks-installer.js` writes `~/.claude/settings.json` and replaces `statusLine`.
- Postinstall also writes Windows PowerShell profiles to alter PATH.
- No credential collection or network request appears in the postinstall path.
- MCP credential setup is interactive under explicit CLI/init flows, not postinstall.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references child process execution.
framework/hooks/claude-code/core/post-edit-typecheck.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
framework/hooks/claude-code/core/post-edit-typecheck.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution; review context before blocking.
src/lib/installers/mcp-installer.jsView on unpkg · L189This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
src/utils/hooks-installer.jsView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
src/utils/hooks-installer.jsView on unpkg · L14Package ships non-JavaScript build or shell helper files.
framework/hooks/claude-code/statusline.pyView on unpkgRSA private key in framework/templates/meta-prompts/validators/pre-commit-validator.md
framework/templates/meta-prompts/validators/pre-commit-validator.mdView on unpkg · L34