AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. After explicit installation, Claude SessionStart can self-register GSD hooks/statusline and launch a detached first-party updater. The updater downloads signed package releases and runs their installer, which updates GSD-owned Claude configuration and runtime files.
Decision evidence
public snapshot- `hooks/gsd-session-init.cjs` spawns a detached updater on Claude SessionStart.
- `hooks/gsd-auto-update.cjs` downloads a release tarball and runs its `install.js`.
- `install.js` writes Claude hooks, runtime files, and `settings.json`.
- `hooks/gsd-session-init.cjs` adds/replaces a marked status block in project `CLAUDE.md`.
- `package.json` has no preinstall/install/postinstall; `prepare` only links a Git pre-commit hook when `.git` exists.
- Updater restricts HTTPS download hosts and verifies checksum/signature before executing `install.js`.
- GitHub token from `gh auth token` is used only as Authorization for the package's GitHub release API.
- No source evidence of credential harvesting, non-GitHub exfiltration, obfuscated payloads, or destructive broad file actions.
Source & flagged code
5 flagged · loading sourcePackage source invokes a package manager install command at runtime.
install.jsView on unpkg · L215Package source references dynamic require/import behavior.
hooks/gsd-statusline.cjsView on unpkg · L5This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/gsd-auto-update.cjsView on unpkg