AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `src/hooks.js` explicitly installs three Claude hooks into `~/.claude/settings.json`.
- `scripts/claude-posttool-hook.js` forwards edited-file/Bash summaries through `collab-send`.
- `bin/claude-collab-plugin-watch.js` reads mailbox content and writes it for hook injection.
- `scripts/claude-auto-wake.js` injects inbound messages into `claude --print` with `--allow-dangerously-skip-permissions` and Bash allowed.
- Auto-wake sends model output using `collab-send` and acknowledges mailbox messages.
- `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
- Hook mutation occurs only after the explicit `claude-collab-plugin install` command.
- Auto-wake is off unless the user explicitly supplies `watch --auto-wake`.
- Source contains no direct HTTP client, credential harvesting, binary loading, or remote code download.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
bin/claude-collab-plugin.jsView on unpkg · L61Package source references dynamic require/import behavior.
bin/claude-collab-plugin.jsView on unpkg · L15Package source invokes a package manager install command at runtime.
src/plugin-doctor.jsView on unpkg · L81This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/claude-collab-plugin-watch.jsView on unpkg