AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface was found. Explicit CLI setup can register Caveat-owned Claude/Codex hooks and local MCP integration, with backups and uninstall support. No confirmed exfiltration or remote code-loading chain was found.
Decision evidence
public snapshot- `dist/index.js` explicitly installs Claude and Codex hooks that execute the Caveat CLI.
- `dist/index.js` writes `~/.claude/settings.json`, `~/.codex/hooks.json`, and may enable Codex hooks in `~/.codex/config.toml`.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- `dist/caveat.js` only imports the CLI entry after the user runs `caveat`.
- Hook registration is behind explicit `caveat init` or `caveat codex-hook install` commands and supports `--dry-run`.
- Installers preserve backups and remove only Caveat-owned hook commands on uninstall.
- No credential harvesting, outbound HTTP client call, remote payload fetch, or eval-based execution was confirmed in the inspected CLI code.
- `dist/server-ZMIRSFMH.js` serves a local portal on `127.0.0.1`, not a remote listener.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.jsView on unpkg · L63Package source references dynamic require/import behavior.
dist/chunk-PD5E6TFL.jsView on unpkg · L2Package source references a known benign dynamic code generation pattern.
dist/chunk-PD5E6TFL.jsView on unpkg · L1383