AI Security Review
scanned 1h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- scripts/claude-auto-wake.js passes remote pending messages to `claude --print` with `--allow-dangerously-skip-permissions` and Bash allowed.
- bin/claude-collab-plugin-watch.js invokes auto-wake when explicitly enabled, after `collab-read` retrieves messages.
- src/settings.js installs persistent PostToolUse, SessionStart, and UserPromptSubmit command hooks in `~/.claude/settings.json`.
- scripts/claude-posttool-hook.js forwards summaries of write operations and non-read Bash commands through `collab-send`.
- package.json contains no preinstall, install, or postinstall lifecycle hook.
- Hook/config mutations occur only through the package's explicit install command and are marker-scoped with backups.
- No source-level HTTP client, credential harvesting, eval/vm use, payload download, or destructive broad file operation was found.
- Auto-wake is opt-in by CLI flag or saved package configuration rather than enabled at import/install time.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
bin/claude-collab-plugin.jsView on unpkg · L68Package source references dynamic require/import behavior.
bin/claude-collab-plugin.jsView on unpkg · L19Package source invokes a package manager install command at runtime.
src/plugin-doctor.jsView on unpkg · L81This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/claude-collab-plugin-watch.jsView on unpkg