AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are expected for a PTY/WebSocket Claude streamer and are gated by CLI invocation, API keys, local auth choices, or configured webhook secrets.
Decision evidence
public snapshot- package.json defines postinstall, but it only chmods node-pty prebuilds/<platform>/spawn-helper and suppresses errors.
- dist/index.cjs and dist/cli.cjs spawn Claude CLI/PTYs and expose HTTP/WebSocket controls for sessions.
- dist/cli.cjs has an authenticated update flow that fetches GitHub release assets and swaps local install files.
- No install-time network, credential harvesting, persistence, or payload download found in package.json postinstall.
- dist/index.cjs has no main/import-time server start; exports are library APIs only.
- Child process use is package-aligned: finding claude, spawning claude PTYs, launchctl/systemctl/schtasks restart, and update self-reexec.
- Network endpoints are local server routes, Temporal/DB configuration, and user-invoked GitHub updater with manifest sha256/size verification.
- /api/__update requires configured webhook_secret HMAC before spawning the updater.
- File access is aligned with config, cache, Claude conversation JSONL watching, migrations, and updater state.
Source & flagged code
7 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L101Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg