AI Security Review
scanned 11d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No install-time or import-time malware was confirmed. The package is an agent-facing Claude Code viewer/proxy whose CLI can intentionally install hooks and shell integration when invoked.
Decision evidence
public snapshot- CLI runtime can write Claude Code hooks into ~/.claude/settings.json via ensureHooks().
- ccv -logger can modify shell rc files and inject Claude CLI wrapper code; user-invoked integration.
- package.json has no install/postinstall/prepare hook; prepublishOnly is publisher-side build only.
- server/routes/skills.js scanner Unicode concern maps to zero-width stripping, not hidden control flow.
- Hook commands are guarded on CCVIEWER_PORT and marked cc-viewer-managed; uninstall removes managed hooks.
- Network behavior observed is loopback proxy/viewer plus user-configurable API base URLs, aligned with package purpose.
Source & flagged code
8 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/assets/jszip.min-PwTGeWmJ.jsView on unpkg · L11Package source references dynamic require/import behavior.
dist/assets/livescript-Bw1Vw7Ae.jsView on unpkg · L1Package source references weak cryptographic algorithms.
server/lib/claude-md-discovery.jsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
server/lib/terminal-env.jsView on unpkg · L7Manifest entrypoint contains risky behavior absent from dist/build output.
server/interceptor.jsView on unpkg · L12Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
server/routes/skills.jsView on unpkg · L112A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server/routes/skills.jsView on unpkg