AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This is a persistent Claude Code extension. After installation, its session hook can modify its own Claude configuration and auto-download/run newer release installers.
Decision evidence
public snapshot- `install.js` writes GSD MCP, status-line, and hook entries to `~/.claude/settings.json`.
- `hooks/gsd-session-init.cjs` self-heals GSD configuration and spawns background auto-update on Claude session start.
- `hooks/gsd-auto-update.cjs` downloads release tarballs and executes their `install.js`; checksum verification is skipped when a release lacks one.
- `package.json` has no `preinstall`, `install`, or `postinstall`; `prepare` only links a Git pre-commit hook when `.git` exists.
- `cli.js` exposes installation and updates through named user commands.
- Network use is limited to allowlisted GitHub release/download hosts; no credential or project-data exfiltration was found.
- No obfuscated payload, eval/vm use, or arbitrary remote endpoint was found.
Source & flagged code
5 flagged · loading sourcePackage source invokes a package manager install command at runtime.
install.jsView on unpkg · L215Package source references dynamic require/import behavior.
hooks/gsd-statusline.cjsView on unpkg · L5This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/gsd-auto-update.cjsView on unpkg