AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a remote-control wrapper for Claude/Codex-style sessions and uses local hooks, child processes, and package-aligned network APIs as core user-invoked behavior.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/unpack-tools.cjs
- scripts/unpack-tools.cjs extracts bundled rg/difftastic archives and chmods binaries under tools/unpacked
- dist/index-JP6If7qH.mjs creates temporary Claude SessionStart hook settings for happy session tracking
- Runtime connects to api.cluster-fluster.com/app.happy.engineering for authenticated remote session control
- postinstall only reads package archives and writes tools/unpacked inside the package; no network or home config mutation
- Claude hook settings are generated under HAPPY_HOME_DIR/tmp/hooks and passed via --settings to launched Claude, not installed into ~/.claude/settings.json
- Network endpoints are documented defaults in README.md and package-aligned
- No credential harvesting beyond package auth credentials; attachment/session data is encrypted before upload
- No eval/vm/remote payload execution found in inspected entrypoints and scripts
- Child process use launches declared local CLIs/tools as user-invoked functionality
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
dist/types-rEJf9J_x.cjsView on unpkg · L2Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index-Bdc0eEMQ.cjsView on unpkg · L6Source writes installer persistence such as shell profile or service configuration.
dist/index-Bdc0eEMQ.cjsView on unpkg · L6Package ships non-JavaScript build or shell helper files.
scripts/download-tools.shView on unpkgPackage ships high-entropy non-source blobs.
tools/archives/difftastic-arm64-linux.tar.gzView on unpkgPackage ships compressed or archive-like blobs.
tools/archives/difftastic-arm64-linux.tar.gzView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/types-Bx4qEUwW.mjsView on unpkg