AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- dist/index.js exposes explicit `install-hook` command that writes Claude Code hooks.
- dist/install.js adds PermissionRequest, PreToolUse, and SessionEnd command hooks to a settings path, defaulting to `~/.claude/settings.json`.
- hook/clairvoyant-hook.mjs can emit allow/deny/allow_always decisions based on relay responses.
- dist/server.js exposes pairing token via local `/pair`; dist/glasses.js accepts permission responses over token-authenticated WebSocket.
- package.json has no preinstall/install/postinstall lifecycle scripts, so no install-time mutation.
- Hook setup is explicit CLI action, not automatic import/install execution.
- Network behavior is package-aligned local relay/proxy; optional Tailscale funnel is user-requested with `--funnel`.
- Token stored under `~/.clairvoyant/channel-token` with 0600 permissions; no hardcoded exfiltration endpoint found.
- Transcript reads are scoped to Claude session transcript paths for relay display, not broad credential harvesting.
Source & flagged code
4 flagged · loading sourcedist/index.js exposes explicit `install-hook` command that writes Claude Code hooks.
dist/index.jsView on unpkgdist/install.js adds PermissionRequest, PreToolUse, and SessionEnd command hooks to a settings path, defaulting to `~/.claude/settings.json`.
dist/install.jsView on unpkghook/clairvoyant-hook.mjs can emit allow/deny/allow_always decisions based on relay responses.
hook/clairvoyant-hook.mjsView on unpkgdist/server.js exposes pairing token via local `/pair`; dist/glasses.js accepts permission responses over token-authenticated WebSocket.
dist/server.jsView on unpkg