AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked cost notifier that can install its own hooks and optionally send notifications to a user-supplied Slack webhook.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit `ccc-notifier init` or configured Claude/Codex hook execution.
Impact
Reads local Claude/Codex usage data; optional Slack notification may include configured prompt content.
Mechanism
Local transcript accounting, notifications, and first-party hook registration.
Rationale
Source inspection shows explicit, package-aligned notifier setup rather than unconsented install-time mutation or a concrete malicious chain. Network use is limited to exchange-rate retrieval and an optional user-configured Slack webhook.
Evidence
package.jsondist/cli.jsdist/chunk-CH34OJ7Q.jsdist/chunk-NV5UOHJA.jsdist/chunk-D4D76RGQ.jsdist/chunk-OOAC5ULQ.js~/.claude/settings.json~/.codex/hooks.json~/.ccc-notifier
Network endpoints2
api.frankfurter.dev/v1/latest?base=USD&symbols=JPYopen.er-api.com/v6/latest/USD
Decision evidence
public snapshotAI called this Clean at 97.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/chunk-CH34OJ7Q.js` registers Claude/Codex hooks, but only via explicit `init`.
- `dist/chunk-NV5UOHJA.js` can POST prompt text to a user-configured Slack webhook.
- `dist/chunk-D4D76RGQ.js` fetches USD/JPY exchange rates.
Evidence against
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- `dist/cli.js` dispatches setup, tracking, and dashboard behavior only after CLI or configured-hook invocation.
- `dist/chunk-CH34OJ7Q.js` edits only recognized ccc-notifier hook entries and creates backups.
- `dist/chunk-NV5UOHJA.js` sends Slack data only when a configured webhook exists; no fixed exfiltration endpoint.
- No eval, shell execution of untrusted input, credential harvesting, or remote payload loading found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunk-4JSRGJCZ.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = ccc-notifier@0.4.0
matchedIdentity = npm:Y2NjLW5vdGlmaWVy:0.4.0
similarity = 0.350
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/chunk-4JSRGJCZ.jsView on unpkgFindings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/chunk-4JSRGJCZ.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings