AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. On Windows, installation silently installs a pinned Claude Code package, can execute its installer, and byte-patches its Claude executable. It also rewrites npm command shims and updates existing `~/.cac` runtime wrappers.
Decision evidence
public snapshot- `package.json` runs `node scripts/postinstall.js` at install time.
- On Windows, `scripts/postinstall.js` silently runs `npm install -g @anthropic-ai/claude-code@2.1.202`.
- The same hook executes the foreign package's `install.cjs` when its binary is absent.
- The hook overwrites matching Claude executable bytes after saving a `.bak`, changing date behavior via `process.env.TZ`.
- `cac.ps1` writes wrappers that inject proxy, telemetry-disable, and fingerprint-altering environment into `claude`.
- `cac.ps1` also rewrites `~/.claude.json` userID and Statsig stable-ID files when invoked.
- No package source sends harvested credentials or local data to a package-controlled endpoint.
- No `eval`, VM, dynamic remote loader, or embedded payload was found in inspected files.
- The only lifecycle network endpoint is the public npm registry used to install the pinned foreign package.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
scripts/postinstall.jsView on unpkgPackage source references child process execution.
scripts/postinstall.jsView on unpkg · L25Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
scripts/postinstall.jsView on unpkg · L4Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
scripts/postinstall.jsView on unpkg · L4Package source invokes a package manager install command at runtime.
scripts/postinstall.jsView on unpkg · L187