AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a Claude Code viewer/proxy that can modify Claude hooks, shell rc files, local logs, and workspace/IM skill files when the user runs its CLI or UI features.
Decision evidence
public snapshot- package.json has no install/postinstall hook; only prepublishOnly build is publisher-side.
- cli.js shell and Claude hook writes are reached by explicit ccv commands, not npm install/import.
- server/lib/ensure-hooks.js writes cc-viewer-managed guarded hooks to Claude settings only for CCVIEWER_PORT sessions.
- server/proxy.js forwards Claude API traffic to configured Anthropic/custom base URL for local tracing, not a hardcoded exfil endpoint.
- server/interceptor.js masks x-api-key/authorization before log writes; cached auth is in-process for package features.
- server/routes/skills.js upload/import validates names, blocks symlinks/path escape, and writes only selected skills roots.
Source & flagged code
8 flagged · loading sourcePackage source references a known benign dynamic code generation pattern.
dist/assets/jszip.min-Dx820onf.jsView on unpkg · L11Package source references dynamic require/import behavior.
dist/assets/livescript-Bw1Vw7Ae.jsView on unpkg · L1Package source references weak cryptographic algorithms.
server/lib/claude-md-discovery.jsView on unpkg · L7Source writes installer persistence such as shell profile or service configuration.
server/lib/terminal-env.jsView on unpkg · L7Manifest entrypoint contains risky behavior absent from dist/build output.
server/interceptor.jsView on unpkg · L12Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
server/routes/skills.jsView on unpkg · L112A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server/routes/skills.jsView on unpkg