AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface. The package is a Claude Code permission-hook CLI that explicitly configures its own hook and local logs when invoked by the user.
Decision evidence
public snapshot- dist/cli/init.js writes Claude Code permissions config, audit logs, settings hook, and CLAUDE.md when user runs `anumati init`.
- dist/cli/settings.js merges a Bash PreToolUse hook and optional SessionStart hook into `.claude/settings.json`.
- dist/cli/steer.js writes a managed guidance block into adjacent `CLAUDE.md`.
- dist/notify.js can spawn a configured or platform sound command on hook passthrough.
- package.json has no preinstall/install/postinstall hook; prepare only runs `npm run build`.
- dist/index.js runtime reads stdin/config and emits allow or passthrough hook JSON; no import-time network or payload fetch.
- Agent settings mutation is explicit user-command setup, package-aligned, idempotent, and preserves existing settings.
- No credential harvesting, exfiltration endpoint, destructive action, obfuscated payload, or remote code loading found.
- Network URLs are repository/docs metadata only.
Source & flagged code
4 flagged · loading sourcedist/cli/init.js writes Claude Code permissions config, audit logs, settings hook, and CLAUDE.md when user runs `anumati init`.
dist/cli/init.jsView on unpkgdist/cli/settings.js merges a Bash PreToolUse hook and optional SessionStart hook into `.claude/settings.json`.
dist/cli/settings.jsView on unpkgdist/cli/steer.js writes a managed guidance block into adjacent `CLAUDE.md`.
dist/cli/steer.jsView on unpkgdist/notify.js can spawn a configured or platform sound command on hook passthrough.
dist/notify.jsView on unpkg