AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. On Windows npm postinstall, the package alters the globally installed Claude Code runtime without an explicit user command. Its runtime wrapper can inject network-interception hooks into Claude Code processes and suppress selected telemetry/health-check behavior.
Decision evidence
public snapshot- `package.json` defines `postinstall`.
- `scripts/postinstall.js` silently installs global `@anthropic-ai/claude-code@2.1.202` on Windows.
- The lifecycle hook runs that package's `install.cjs` when its binary is absent.
- The hook patches bytes in Claude Code's `bin/claude.exe` or edits its `cli.js`, retaining a `.bak` copy.
- `cac-dns-guard.js` monkey-patches DNS, sockets, TLS, and `fetch`, including a direct Claude API health-check bypass.
- `cac.ps1` creates `claude` wrappers that inject hooks through `NODE_OPTIONS` and alter Claude runtime configuration.
- No credential collection or outbound exfiltration was found in the inspected package files.
- The only explicit lifecycle network registry is `https://registry.npmjs.org` for the forced Claude Code installation.
- Some proxy, timezone, and telemetry behavior is exposed as CLI functionality rather than hidden collection.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/postinstall.jsView on unpkgPackage source references child process execution.
scripts/postinstall.jsView on unpkg · L25Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
scripts/postinstall.jsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
scripts/postinstall.jsView on unpkg · L4Package source invokes a package manager install command at runtime.
scripts/postinstall.jsView on unpkg · L187Source file is highly similar to a previously finalized malicious package; route for source-aware review.
cac-dns-guard.jsView on unpkg