AI Security Review
scanned 56m ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. After a user installs GSD, its SessionStart hook can perform a background self-update. This is package-owned Claude extension lifecycle behavior, not an npm lifecycle attack.
Decision evidence
public snapshot- `hooks/gsd-session-init.cjs` launches a detached auto-update hook on Claude session start.
- `hooks/gsd-auto-update.cjs` fetches GitHub release metadata and downloads an update tarball.
- The updater executes the downloaded package's `install.js` and rewrites GSD Claude configuration/cache.
- `install.js` copies hooks and registers GSD MCP/hooks in `~/.claude/settings.json`.
- `package.json` has no npm `preinstall`, `install`, or `postinstall` hook.
- `cli.js` exposes installation as explicit `gsd install`; `prepare` only links a VCS pre-commit hook when `.git` exists.
- `hooks/gsd-auto-update.cjs` restricts downloads to GitHub hosts and verifies SHA-256 plus Ed25519 signatures for releases >= 0.8.3.
- No credential harvesting, unrelated exfiltration, destructive payload, eval, or foreign-agent mutation was found.
Source & flagged code
5 flagged · loading sourcePackage source invokes a package manager install command at runtime.
install.jsView on unpkg · L215Package source references dynamic require/import behavior.
hooks/gsd-statusline.cjsView on unpkg · L5This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
hooks/gsd-auto-update.cjsView on unpkg