AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. The package performs unconsented install-time mutation of Claude Code control files in the installing project. It persists package-owned hooks that inject agent context and run npx code-brain on Claude sessions/tool use.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/postinstall.cjs || true
- scripts/postinstall.cjs writes .claude/skills/code-brain/SKILL.md during install
- scripts/postinstall.cjs creates/appends CLAUDE.md with code-brain instructions
- scripts/postinstall.cjs mutates .claude/settings.json hooks to run npx code-brain session-start and pre-tool-nudge
- dist/hooks/adoption-hooks.js injects SessionStart and PreToolUse context steering Claude tool choice
- README.md openly documents the auto-wired Claude hooks
- Hook commands are package-aligned and call local code-brain CLI behavior
- No credential harvesting or exfiltration endpoints found in inspected files
- Dynamic require in dist/db/better-sqlite-driver.js only loads optional better-sqlite3
- Shell use is limited to user-invoked CLI features such as graph opener and git helpers
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
dist/db/better-sqlite-driver.jsView on unpkg · L4Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.cjsView on unpkg · L4Manifest entrypoint contains risky behavior absent from dist/build output.
scripts/postinstall.cjsView on unpkg · L16