AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit setup installs persistent Claude Code hooks that inspect and enforce tool events. Those hooks remotely refresh policy, WASM, and hook code from SolonGate. No npm install-time activation is declared.
Decision evidence
public snapshot- `dist/global-install.js` writes global Claude hooks and `~/.claude/settings.json` after explicit setup.
- `dist/global-install.js` can add a `claude` shell shim and optionally lock hook/config files.
- `hooks/guard.mjs` downloads and atomically replaces persistent hook files from the SolonGate API.
- `hooks/guard.mjs` loads remotely fetched policy WASM and uploads deny/audit events.
- `dist/index.js` can run package-manager commands only through explicit CLI project setup.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle script.
- The global installer requires an explicit CLI action and a supplied SolonGate API key.
- Network behavior is confined to the configured SolonGate API endpoint.
- No source evidence of unrelated credential harvesting, destructive actions, or hidden exfiltration endpoints.
Source & flagged code
11 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L269Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L8997Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L9771Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13