AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface by source inspection. Sensitive primitives are tied to explicit CLI/plugin features: login, self-update, Claude hook installation, local wrappers, and Obsidian pairing.
Decision evidence
public snapshot- dist/commands/hooks.js can write curated Claude Code hooks into .claude/settings.json and .claude/hooks when user runs alter hooks install.
- dist/lib/self-update.js may run npm install -g @truealter/cli after registry/version checks and release verification/prompting.
- dist/embedded-plugins/alter-obsidian-plugin/main.js sends consent/ingest requests with X-ALTER-API-Key to api.truealter.com after Obsidian pairing actions.
- package.json has no install/postinstall/prepare hook; only prepublishOnly is publisher-side.
- dist/index.js only dispatches CLI commands; no import-time execution beyond credential-residue cleanup and update/preflight checks at CLI runtime.
- dist/cc-wrapper/pty-adapter.js spawns the requested cc command/PTY for the explicit alter cc wrapper path.
- dist/commands/alignment.js requires ALTER_MCP_CMD to be an absolute user-configured server command and rejects shell metacharacter parsing.
- dist/commands/hooks.js install/uninstall is explicit, documented, marker-based, and includes uninstall handling; not lifecycle-triggered.
- Network endpoints observed are TrueAlter, npm registry, release verification, localhost callback/Ollama, or user-configured MCP endpoints aligned with CLI features.
Source & flagged code
8 flagged · loading sourcePackage source references child process execution.
dist/cc-wrapper/pty-adapter.jsView on unpkg · L1Package source references dynamic require/import behavior.
dist/cc-wrapper/pty-adapter.jsView on unpkg · L4Source writes installer persistence such as shell profile or service configuration.
dist/lib/cosmetics/inscribe.jsView on unpkg · L61A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/doctor/checks/runtime.jsView on unpkg · L1Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/alignment.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
dist/assets/statusline/statusline.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/embedded-plugins/alter-obsidian-plugin/main.jsView on unpkg