Extract and export AI coding tool logs grouped by repo
LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `npx hillclimb` setup installs local AI-agent hooks that can later upload coding-session transcripts and git traces. This is disclosed and package-aligned, but it mutates agent hook surfaces and creates ongoing automated execution.
Package contains a critical-looking secret pattern.
dist/pattern-worker.jsView on unpkg · L1189OpenSSH private key in dist/pattern-worker.js
dist/pattern-worker.jsView on unpkg · L3359Source appears to collect browser login credentials for exfiltration.
dist/cli.jsView on unpkg · L15A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L15EC private key in dist/cli.js
Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L1044Package contains a critical-looking secret pattern.
dist/pattern-worker.jsView on unpkg · L1189OpenSSH private key in dist/pattern-worker.js
dist/pattern-worker.jsView on unpkg · L3359Source appears to collect browser login credentials for exfiltration.
dist/cli.jsView on unpkg · L15A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli.jsView on unpkg · L15Package source invokes a package manager install command at runtime.
dist/cli.jsView on unpkg · L1044