AI Security Review
scanned 2h ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a Claude Code security monitor whose risky primitives are explicit setup actions for its documented hook/gateway integration.
Decision evidence
public snapshot
- dist/chunk-A5LGAJHS.js merges Claude Code hooks into .claude/settings.local.json and writes ~/.dahlia/cc-hook.mjs when init is explicitly run
- dist/chunk-A5LGAJHS.js hook can spawn a detached local gateway daemon on Claude SessionStart
- dist/chunk-LATQNIRW.js uses execSync only to run ps against a numeric PID from its own pid file
- package.json has no install/postinstall/prepare lifecycle script; prepack is publish-time build only
- dist/cli.js only calls runInitClaudeCode for user-invoked 'sentinel init claude-code' and runDisableClaudeCode for disable
- README.md documents init writing Claude hooks, ~/.dahlia state, disable flow, and uninstall recovery
- dist/chunk-A5LGAJHS.js refuses machine-wide ~/.claude install from home unless --global is passed
- network use is local gateway health/API traffic or user-configured webhook/alert handling, not hardcoded exfiltration
- No credential harvesting, remote payload fetch/exec, destructive behavior, or import-time execution found
Source & flagged code
4 flagged
- Package source references child process execution.
  dist/chunk-LATQNIRW.js · L2
- Source writes installer persistence such as shell profile or service configuration.
  dist/chunk-XII5LGU7.js · L25
- A single source file combines environment access, network access, and code or shell execution with blocking evidence.
  dist/chunk-A5LGAJHS.js · L39
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
  dist/chunk-A5LGAJHS.js