AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented npm install-time behavior is present. Explicit CLI setup can register Caveat-owned hooks/MCP configuration and invoke local agent tooling or Git operations.
Decision evidence
public snapshot- `dist/index.js` explicitly installs Caveat-owned Claude hooks and MCP registration into `~/.claude` via `caveat init`.
- `dist/index.js` explicitly writes Caveat-owned Codex hooks to `~/.codex/hooks.json` and can set `[features].hooks = true`.
- `dist/index.js` invokes local `claude`, `codex`, `git`, and optional `codex-sidecar` commands from named CLI actions.
- `dist/chunk-HCLEIAGO.js` performs Git-based community/sync actions and probes user-configured Git remotes for anonymous readability.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or other lifecycle hook.
- `dist/caveat.js` only imports the CLI entrypoint; it has no install-time network, config-write, or subprocess behavior.
- Hook/config writes are behind explicit `caveat init` or `caveat codex-hook install` commands, support `--dry-run`, and back up existing files.
- Codex installation refuses to override an explicit `hooks = false` setting; hook removal targets Caveat-owned commands.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/chunk-HCLEIAGO.jsView on unpkg · L10070Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/chunk-HCLEIAGO.jsView on unpkg · L295Package source references dynamic require/import behavior.
dist/chunk-HCLEIAGO.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/chunk-HCLEIAGO.jsView on unpkg · L1383