registry  /  claudeputer  /  1.1.5

claudeputer@1.1.5

Mobile and Web client for Claude Code and Codex (fork of happy)

AI Security Review

scanned 4h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a remote-control wrapper for Claude/Codex-style sessions and uses local hooks, child processes, and package-aligned network APIs as core user-invoked behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install runs postinstall; user runs happy/claudeputer/happy-mcp for runtime behavior
Impact
Installs bundled helper tools and, when invoked, allows authenticated remote management of local AI coding sessions
Mechanism
bundled tool extraction and authenticated remote session bridge
Rationale
Static source inspection shows risky primitives, but they are package-aligned, documented, and user-invoked; install-time behavior is limited to unpacking bundled tools inside the package. I found no unconsented mutation of a broad AI-agent control surface, exfiltration, destructive behavior, or remote payload execution.
Evidence
package.jsonscripts/unpack-tools.cjsbin/happy.mjsbin/happy-mcp.mjsscripts/session_hook_forwarder.cjsdist/index-JP6If7qH.mjsdist/types-Bx4qEUwW.mjsREADME.mdtools/unpacked~/.happy/settings.json~/.happy/credentials.json~/.happy/tmp/hooks/session-hook-<pid>.json
Network endpoints3
api.cluster-fluster.comapp.happy.engineeringhappy.engineering

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node scripts/unpack-tools.cjs
  • scripts/unpack-tools.cjs extracts bundled rg/difftastic archives and chmods binaries under tools/unpacked
  • dist/index-JP6If7qH.mjs creates temporary Claude SessionStart hook settings for happy session tracking
  • Runtime connects to api.cluster-fluster.com/app.happy.engineering for authenticated remote session control
Evidence against
  • postinstall only reads package archives and writes tools/unpacked inside the package; no network or home config mutation
  • Claude hook settings are generated under HAPPY_HOME_DIR/tmp/hooks and passed via --settings to launched Claude, not installed into ~/.claude/settings.json
  • Network endpoints are documented defaults in README.md and package-aligned
  • No credential harvesting beyond package auth credentials; attachment/session data is encrypted before upload
  • No eval/vm/remote payload execution found in inspected entrypoints and scripts
  • Child process use launches declared local CLIs/tools as user-invoked functionality
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 37 file(s), 1.67 MB of source, external domains: 127.0.0.1, accounts.google.com, api.anthropic.com, api.cluster-fluster.com, api.deepseek.com, api.openai.com, api.z.ai, app.happy.engineering, auth.openai.com, claude.ai, console.anthropic.com, developers.google.com, github.com, goo.gle, happy.engineering, oauth2.googleapis.com, registry.npmjs.org, www.apple.com, www.googleapis.com

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/unpack-tools.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/happy-dev.mjsView file
2L3: import { execFileSync } from 'child_process'; L4: import { fileURLToPath } from 'url';
High
Child Process

Package source references child process execution.

bin/happy-dev.mjsView on unpkg · L2
8// Check if we're already running with the flags L9: const hasNoWarnings = process.execArgv.includes('--no-warnings'); L10: const hasNoDeprecation = process.execArgv.includes('--no-deprecation');
High
Shell

Package source references shell execution.

bin/happy-dev.mjsView on unpkg · L8
dist/types-rEJf9J_x.cjsView file
2L3: var axios = require('axios'); L4: var chalk = require('chalk');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/types-rEJf9J_x.cjsView on unpkg · L2
dist/index-Bdc0eEMQ.cjsView file
6Cross-file remote execution chain: dist/index-Bdc0eEMQ.cjs spawns scripts/claude_local_launcher.cjs; helper contains network access plus dynamic code execution. L6: var api = require('./types-rEJf9J_x.cjs'); L7: var node_child_process = require('node:child_process'); L8: var node_path = require('node:path'); ... L16: var node_url = require('node:url'); L17: var axios = require('axios'); L18: require('node:events'); ... L346: const projectId = node_path.resolve(workingDirectory).replace(/[^a-zA-Z0-9-]/g, "-"); L347: const claudeConfigDir = process.env.CLAUDE_CONFIG_DIR || node_path.join(os.homedir(), ".claude"); L348: return node_path.join(claudeConfigDir, "projects", projectId); ... L362: try { L363: const parsed = JSON.parse(v); L364: return typeof parsed.uuid === "string" && parsed.uuid.length > 0 || // Claude Code 2.1.x
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index-Bdc0eEMQ.cjsView on unpkg · L6
6var api = require('./types-rEJf9J_x.cjs'); L7: var node_child_process = require('node:child_process'); L8: var node_path = require('node:path'); ... L16: var node_url = require('node:url'); L17: var axios = require('axios'); L18: require('node:events'); ... L346: const projectId = node_path.resolve(workingDirectory).replace(/[^a-zA-Z0-9-]/g, "-"); L347: const claudeConfigDir = process.env.CLAUDE_CONFIG_DIR || node_path.join(os.homedir(), ".claude"); L348: return node_path.join(claudeConfigDir, "projects", projectId); ... L362: try { L363: const parsed = JSON.parse(v); L364: return typeof parsed.uuid === "string" && parsed.uuid.length > 0 || // Claude Code 2.1.x
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/index-Bdc0eEMQ.cjsView on unpkg · L6
scripts/download-tools.shView file
path = scripts/download-tools.sh kind = build_helper sizeBytes = 4241 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/download-tools.shView on unpkg
tools/archives/difftastic-arm64-linux.tar.gzView file
path = tools/archives/difftastic-arm64-linux.tar.gz kind = high_entropy_blob sizeBytes = 11425536 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

tools/archives/difftastic-arm64-linux.tar.gzView on unpkg
path = tools/archives/difftastic-arm64-linux.tar.gz kind = compressed_blob sizeBytes = 11425536 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

tools/archives/difftastic-arm64-linux.tar.gzView on unpkg
dist/types-Bx4qEUwW.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = claudeputer@1.1.4 matchedIdentity = npm:Y2xhdWRlcHV0ZXI:1.1.4 similarity = 0.946 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/types-Bx4qEUwW.mjsView on unpkg

Findings

1 Critical5 High7 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/types-Bx4qEUwW.mjs
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/happy-dev.mjs
HighShellbin/happy-dev.mjs
HighCross File Remote Execution Contextdist/index-Bdc0eEMQ.cjs
HighShips High Entropy Blobtools/archives/difftastic-arm64-linux.tar.gz
MediumDynamic Requiredist/types-rEJf9J_x.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/index-Bdc0eEMQ.cjs
MediumShips Build Helperscripts/download-tools.sh
MediumShips Compressed Blobtools/archives/difftastic-arm64-linux.tar.gz
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings