registry  /  claude-hindsight  /  0.3.1

claude-hindsight@0.3.1

Local dashboard for Claude Code: project briefings and CLAUDE.md instruction audits from your own transcripts

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Package-supplied Claude extension descriptors can execute the latest npm package when the host activates MCP or SessionStart. An explicit CLI install command can add a statusline command to Claude settings. No unconsented npm install-time mutation or confirmed exfiltration is present.

Static reason
No blocking static signals were detected.; source matched previously finalized malicious package; routed for review; previous stored version diff introduced dangerous source
Trigger
Claude host activates the packaged MCP/hook descriptor, or the user runs `statusline --install`, dashboard polish, or architecture refresh.
Impact
Can access local Claude session data and invoke the user's configured Claude CLI; configuration mutation is limited to an explicit install command.
Mechanism
First-party Claude extension lifecycle commands plus explicit local Claude CLI invocation.
Rationale
Source supports a non-blocking extension-lifecycle warning rather than malicious classification. The risky behaviors are package-aligned and user/host activated, but automatic `@latest` execution in Claude integration metadata warrants visibility.
Evidence
package.jsondist/cli.jsdist/statusline/install.jsdist/server/polish.jsdist/architecture/generate.jshooks/hooks.json.mcp.json~/.claude/projects/**/*.jsonl~/.claude-hindsight/index.db~/.claude/settings.json.claude/settings.json
Network endpoints1
localhost:4756

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `.mcp.json` runs `npx -y claude-hindsight@latest mcp` when activated.
  • `hooks/hooks.json` defines a Claude `SessionStart` command using `npx -y ...@latest --plain`.
  • `dist/statusline/install.js` can write `~/.claude/settings.json` or project `.claude/settings.json` after explicit `statusline --install`.
  • `dist/server/polish.js` and `dist/architecture/generate.js` invoke the local `claude` CLI with transcript-derived prompts.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook; only `prepublishOnly`.
  • `dist/cli.js` binds the web server to `127.0.0.1` and opens only localhost.
  • No first-party `fetch`, HTTP client, socket, credential harvesting, eval, or remote payload loader was found.
  • `dist/indexer/indexer.js` reads local Claude JSONL transcripts and stores local SQLite data.
  • The flagged Cytoscape bundle contains third-party MIT/license material, not package-specific attack logic.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 92 file(s), 3.50 MB of source, external domains: chevrotain.io, en.wikipedia.org, github.com, jquery.org, langium.org, lodash.com, openjsf.org, reactjs.org, tldrlegal.com, underscorejs.org, www.w3.org

Source & flagged code

2 flagged · loading source
ui/dist/assets/cytoscape.esm-CUqq0XTU.jsView file
matchType = normalized_sha256 matchedPackage = @yancyyu/agentcli@1.9.14 matchedPath = dist-renderer/assets/cytoscape.esm-DsxaTqgk.js matchedIdentity = npm:QHlhbmN5eXUvYWdlbnRjbGk:1.9.14 similarity = 1.000 summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity

Source file is highly similar to a previously finalized malicious package; route for source-aware review.

ui/dist/assets/cytoscape.esm-CUqq0XTU.jsView on unpkg
matchType = previous_version_dangerous_delta matchedPackage = claude-hindsight@0.3.0 matchedIdentity = npm:Y2xhdWRlLWhpbmRzaWdodA:0.3.0 similarity = 1.000 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

ui/dist/assets/cytoscape.esm-CUqq0XTU.jsView on unpkg

Findings

2 High3 Medium7 Low
HighKnown Malware Source Similarityui/dist/assets/cytoscape.esm-CUqq0XTU.js
HighPrevious Version Dangerous Deltaui/dist/assets/cytoscape.esm-CUqq0XTU.js
MediumNetwork
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings