AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Risky primitives are aligned with an identity CLI, explicit Claude-hook installer, self-update flow, Obsidian plugin pairing, and diagnostics.
Decision evidence
public snapshot- package.json prepare can run git config core.hooksPath, but only when .githooks and .git/HEAD exist and package name matches local dev package.
- dist/commands/hooks.js can write .claude/hooks scripts and .claude/settings.json hook bindings.
- dist/embedded-plugins/alter-obsidian-plugin/main.js reads Alter session data and can POST consent/ingest data to api.truealter.com after plugin pairing.
- package.json has no install/postinstall hook; prepare is gated away from global installs and appears dev-repo hook setup.
- dist/index.js dispatches user-invoked CLI commands; startup only sweeps credential residue, checks update/preflight, and does not harvest files.
- dist/commands/hooks.js requires explicit alter hooks install/uninstall and marks/removes its own Claude hook entries.
- dist/commands/alignment.js spawns only an absolute ALTER_MCP_CMD supplied by the user and rejects relative/shell-metacharacter command strings.
- dist/lib/self-update.js checks npm registry for @truealter/cli and verifies releases before silent background install; otherwise prompts.
- Credential/session access in dist/auth.js and related commands is package-aligned for login, secure storage, API auth, and diagnostics.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/cc-wrapper/pty-adapter.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/cc-wrapper/pty-adapter.jsView on unpkg · L4Source writes installer persistence such as shell profile or service configuration.
dist/lib/cosmetics/inscribe.jsView on unpkg · L61A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/doctor/checks/runtime.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/alignment.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
dist/assets/statusline/statusline.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/embedded-plugins/alter-obsidian-plugin/main.jsView on unpkg