AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit login/global-install configures SolonGate hooks for every Claude Code session and can add a shell wrapper. The guard subsequently retrieves policy, audit logs, and newer hook bundles from SolonGate Cloud.
Decision evidence
public snapshot- `dist/global-install.js` overwrites `~/.claude/settings.json` with global PreToolUse/PostToolUse/Stop hooks.
- `hooks/guard.mjs` downloads newer hook code from the cloud and atomically replaces installed hook files.
- Installed audit/guard hooks send tool arguments and decisions to the configured SolonGate API.
- Optional OS-lock commands can make hook/config/settings files immutable.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Global hook setup occurs through explicit `login`/global-install CLI flow and accepts a user API key.
- Observed network hosts are package-aligned SolonGate endpoints; no unrelated credential-exfiltration endpoint found.
- Child-process use launches the explicit shield target or refreshes the package's own hook.
Source & flagged code
11 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L269Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L7628This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/guard.mjsView on unpkgSource reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13