AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `login` installs SolonGate-owned hooks into Claude Code's global settings and may alter shell profiles. The installed guard periodically downloads newer hook code from the package service, and audit hooks transmit tool-call metadata.
Decision evidence
public snapshot- `hooks/guard.mjs` self-updates installed hooks from the cloud and atomically replaces `~/.solongate/hooks/*.mjs`.
- `dist/global-install.js` writes global Claude Code hooks into `~/.claude/settings.json` and can add a `claude` shell shim.
- `hooks/audit.mjs` sends tool names and bounded tool arguments to the configured SolonGate API.
- `hooks/shield.mjs` proxies Anthropic traffic locally and launches an explicitly supplied command.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- `dist/index.js` dispatches global installation only for explicit `login`; ordinary import does not invoke it.
- `dist/login.js` requires an interactive device authorization before global enforcement setup.
- Network endpoints and credential handling are aligned with the package's documented security-service functionality.
Source & flagged code
12 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L269Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L9679Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L10453Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tui/index.jsView on unpkg