AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `login` installs persistent Claude Code command hooks and a shell shim. The guard later self-updates installed hook files from the configured SolonGate Cloud API and uploads audit/policy-related data when enabled.
Decision evidence
public snapshot- `dist/login.js` runs `runGlobalInstall` after device login unless `--no-install`.
- `dist/global-install.js` writes Claude Code hooks into `~/.claude/settings.json` and shell-profile Claude shims.
- `hooks/guard.mjs` fetches newer hook source from `/api/v1/hooks/*` and atomically replaces installed hooks.
- Installed hooks read local API keys/config and send policy/audit requests to SolonGate Cloud.
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- Global mutation is reached through explicit `login` after interactive device authorization.
- Hook updates require a configured SolonGate API key and perform SHA-256 equality checks.
- Observed endpoints are package-aligned SolonGate APIs; no unrelated exfiltration endpoint was found.
- `dist/inject.js` and `dist/create.js` package-manager calls are explicit CLI subcommands, not install-time behavior.
Source & flagged code
15 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/tui/index.jsView on unpkg · L2198This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/tui/index.jsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L281Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L11330Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L12116Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13