AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit `login` command installs first-party Claude Code hooks, with optional shell shimming and OS-level locking. Those hooks can self-update from the SolonGate API after a SHA-256 check and send tool/audit data to that service.
Decision evidence
public snapshot- `dist/global-install.js` writes Claude Code hooks into `~/.claude/settings.json`.
- `dist/global-install.js` can add a `claude` shell shim and optionally set immutable file attributes.
- `hooks/guard.mjs` downloads, hash-checks, then replaces installed hook files from `https://api.solongate.com`.
- Installed hooks read tool input and send policy/audit requests to the SolonGate API.
- `package.json` has no npm lifecycle hooks.
- Global mutation is reached from user-invoked `login`; `--no-install` disables it.
- Network traffic is package-aligned: policy, hook-update, authentication, and audit API routes.
- `dist/shield.js` is an explicit local proxy that redacts payload data before forwarding upstream.
- No source evidence of credential harvesting beyond configured SolonGate credentials or unrelated exfiltration.
Source & flagged code
12 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L269Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L9633Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L10407Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tui/index.jsView on unpkg