Extract and export AI coding tool logs grouped by repo
LPM treats this as warn-only first-party agent extension lifecycle risk. An explicit `npx hillclimb` setup installs persistent first-party integrations into detected AI coding tools. Those integrations execute `npx hillclimb@latest` on future agent events and upload session and git-trace data to the configured Hillclimb service.
Package contains a critical-looking secret pattern.
dist/pattern-worker.jsView on unpkg · L1189OpenSSH private key in dist/pattern-worker.js
dist/pattern-worker.jsView on unpkg · L3359Source appears to collect browser login credentials for exfiltration.
dist/cli.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L16This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L1068Package contains a critical-looking secret pattern.
dist/pattern-worker.jsView on unpkg · L1189OpenSSH private key in dist/pattern-worker.js
dist/pattern-worker.jsView on unpkg · L3359Source appears to collect browser login credentials for exfiltration.
dist/cli.jsView on unpkg · L16A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L16Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L1068This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg