AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit scaffold command can configure a project-local Claude Code PostToolUse hook and Git pre-push hook. These are package-owned development-control surfaces, not install-time mutations.
Decision evidence
public snapshot- Explicit scaffold config writes `.claude/settings.json` with a Claude PostToolUse command hook.
- `runInit` configures `git core.hooksPath` and ships executable pre-push tooling.
- Project validator modules under `.harness/validators` are dynamically imported during validation.
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- All writes occur after the user invokes the scaffold CLI; no import-time execution found.
- Claude settings invoke the package-owned `.harness/hooks/post-edit-validate.mjs` validator.
- Child-process use is bounded to git, npm pack, tar, and harness commands; no shell payload or eval found.
- Unicode-control scan found no Trojan Source controls in `dist/lint/chunk-lint.js`.
- No credential harvesting, exfiltration, destructive behavior, or hard-coded network endpoint found.
Source & flagged code
3 flagged · loading sourcePackage source references dynamic require/import behavior.
dist/validate/chain.jsView on unpkg · L184Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/lint/chunk-lint.jsView on unpkg · L45A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/lint/chunk-lint.jsView on unpkg