AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a repackaged Claude-Code-like CLI with broad user-invoked agent capabilities. The confirmed unresolved risk is a prepare lifecycle command that changes Git hook configuration, but no install-time foreign AI-agent hijack or exfiltration path was confirmed.
Decision evidence
public snapshot- package.json prepare runs `git config core.hooksPath .githooks`, mutating repo Git hook configuration when prepare is executed.
- package.json exposes bin commands `ccharness`/`cc-harness` to dist/cli.js, an AI coding assistant with shell/MCP/plugin capabilities.
- dist/chunk-a07hgnvm.js can run user-configured apiKeyHelper/awsAuthRefresh/gcpAuthRefresh commands, guarded by workspace trust for project/local settings.
- No preinstall/install/postinstall hook; lifecycle execution is prepare/prepublishOnly rather than consumer install-time mutation.
- No concrete credential exfiltration found; highlighted auth code sends provider credentials to Anthropic/AWS/GCP/Azure auth flows or stores local Claude credentials.
- dist/chunk-jb95wx8d.js is bundled @azure/identity code, not browser credential phishing logic.
- dist/chunk-2whhcyfm.js eval is bundled OpenTelemetry dynamic require fallback.
- Runtime network endpoints found are package-aligned Claude/Anthropic, GrowthBook, OpenTelemetry localhost, or cloud provider SDK endpoints.
- No prompt/reviewer manipulation or destructive payload found in inspected entrypoints/chunks.
Source & flagged code
13 flagged · loading sourceSource appears to collect browser login credentials for exfiltration.
dist/chunk-jb95wx8d.jsView on unpkg · L28Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/chunk-jb95wx8d.jsView on unpkg · L28Package contains a possible secret pattern.
dist/chunk-jb95wx8d.jsView on unpkg · L1131Package source references weak cryptographic algorithms.
dist/chunk-jb95wx8d.jsView on unpkg · L28Package source references child process execution.
dist/chunk-ta4rpce6.jsView on unpkg · L4917Source reaches cloud instance metadata or link-local credential endpoints.
dist/chunk-ta4rpce6.jsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
dist/chunk-a07hgnvm.jsView on unpkg · L113A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/chunk-a07hgnvm.jsView on unpkg · L113Source writes installer persistence such as shell profile or service configuration.
dist/chunk-a07hgnvm.jsView on unpkg · L113Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/chunk-z92gmnjw.jsView on unpkg · L257Package contains source files above the static scanner size ceiling.
dist/chunk-b6gc8vws.jsView on unpkg