AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky primitives are aligned with a Claude PTY/WebSocket streamer and user-invoked updater/server functionality.
Decision evidence
public snapshot- package.json postinstall only chmods node-pty prebuild spawn-helper; no downloader or hidden payload.
- dist/index.cjs exports server/library code; no install-time or import-time network/exfil path found.
- dist/index.cjs PTY spawns local claude with user/session options, matching package purpose.
- dist/cli.cjs update command fetches GitHub releases only after user/server update flow and verifies manifest sha256/size before installing.
- dist/index.cjs /api/__update requires configured webhook_secret HMAC before spawning cli update --force.
- dist/seed-claude-config.cjs writes CLAUDE_CONFIG only when invoked, sets onboarding/trust flags with allowedTools empty.
Source & flagged code
8 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L101Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg