AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `login` installs Claude Code command hooks and shell shims. On later tool calls, the guard can fetch and replace those installed hook scripts from the configured SolonGate API.
Decision evidence
public snapshot- `dist/login.js` runs a global installer after explicit `login` unless `--no-install` is supplied.
- `dist/global-install.js` writes Claude hooks into `~/.claude/settings.json` and shell-profile shims.
- `hooks/guard.mjs` downloads hook JavaScript and atomically replaces installed hook files; its hash comes from the same server.
- `hooks/audit.mjs` sends tool names and arguments to the configured SolonGate API by default.
- `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
- `dist/index.js` dispatches installation only for the user-invoked `login` command.
- `dist/login.js` offers `--no-install`, and `logout` calls the restoration path.
- Network use and audit logging align with the advertised proxy/security product behavior.
Source & flagged code
15 flagged · loading sourcePackage contains a critical-looking secret pattern.
dist/tui/index.jsView on unpkg · L1976A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/shield.jsView on unpkg · L269Source combines credential-like environment material and outbound requests; review data flow before blocking.
dist/lib.jsView on unpkg · L42Source writes installer persistence such as shell profile or service configuration.
dist/lib.jsView on unpkg · L42Package source references a known benign dynamic code generation pattern.
dist/audit/index.jsView on unpkg · L1395Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/index.jsView on unpkg · L10623Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/index.jsView on unpkg · L41Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L41Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L11397Source reaches cloud instance metadata or link-local credential endpoints.
hooks/guard.mjsView on unpkg · L13This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/login.jsView on unpkg