AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit login/global-install configures Claude Code hooks and shell interception. Later AI-tool hook runs can retrieve and replace those executable hooks from the SolonGate API.
Decision evidence
public snapshot- `dist/global-install.js` explicitly writes hooks into `~/.solongate` and replaces `~/.claude/settings.json` hooks.
- `dist/global-install.js` adds a `claude` shell-profile shim and can lock its hook/config files when `SOLONGATE_OS_LOCK=1`.
- `hooks/guard.mjs` fetches replacement guard/audit/shield code from the cloud and atomically installs it on later hook runs.
- The downloaded hook hash is supplied by the same API response, not an embedded signature or pinned trust root.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Installation is reached through explicit `login`/global-install commands, not import-time execution.
- `hooks/guard.mjs` targets SolonGate-owned hook paths and Claude Code configuration, not broad arbitrary paths.
- Cloud requests use the configured SolonGate API and the shield proxies only the selected Anthropic upstream.
Source & flagged code
11 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L269Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L9084Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L9858Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13