AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Package-supplied Claude extension descriptors can execute the latest npm package when the host activates MCP or SessionStart. An explicit CLI install command can add a statusline command to Claude settings. No unconsented npm install-time mutation or confirmed exfiltration is present.
Decision evidence
public snapshot- `.mcp.json` runs `npx -y claude-hindsight@latest mcp` when activated.
- `hooks/hooks.json` defines a Claude `SessionStart` command using `npx -y ...@latest --plain`.
- `dist/statusline/install.js` can write `~/.claude/settings.json` or project `.claude/settings.json` after explicit `statusline --install`.
- `dist/server/polish.js` and `dist/architecture/generate.js` invoke the local `claude` CLI with transcript-derived prompts.
- `package.json` has no preinstall/install/postinstall lifecycle hook; only `prepublishOnly`.
- `dist/cli.js` binds the web server to `127.0.0.1` and opens only localhost.
- No first-party `fetch`, HTTP client, socket, credential harvesting, eval, or remote payload loader was found.
- `dist/indexer/indexer.js` reads local Claude JSONL transcripts and stores local SQLite data.
- The flagged Cytoscape bundle contains third-party MIT/license material, not package-specific attack logic.
Source & flagged code
2 flagged · loading sourceSource file is highly similar to a previously finalized malicious package; route for source-aware review.
ui/dist/assets/cytoscape.esm-CUqq0XTU.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
ui/dist/assets/cytoscape.esm-CUqq0XTU.jsView on unpkg