AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time execution occurs. Explicit setup commands modify Claude Code and Codex configuration to register Caveat-owned MCP/hooks, whose handlers process agent prompts and tool-event data locally.
Decision evidence
public snapshot- `dist/index.js` `init` explicitly registers Claude MCP/hooks and Codex hooks.
- `installClaudeIntegration` writes `~/.claude/settings.json` and invokes `claude mcp add` via shell.
- `installCodexHooks` enables `codex_hooks` and writes `~/.codex/hooks.json`/`config.toml`.
- Hook handlers read prompt/tool-event input and start a detached local worker.
- `package.json` has no preinstall/install/postinstall lifecycle scripts.
- All integration writes are reached through explicit `caveat init` or `caveat codex-hook install` commands.
- Hook entries invoke this package's own CLI subcommands and preserve backups.
- No package-originated HTTP client/exfiltration path was found; reported fetch use is bundled server framework code.
Source & flagged code
5 flagged · loading sourceSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L56Package source references dynamic require/import behavior.
dist/chunk-ZNAFNCPW.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/chunk-ZNAFNCPW.jsView on unpkg · L1383