AI Security Review
scanned 6d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a Claude Code MCP server with explicit user-command setup that installs hooks and registers an MCP entry. It can read Claude transcripts/projects and send encrypted session/file data to Indelible/BSV infrastructure when invoked by the user or installed hooks.
Decision evidence
public snapshot- src/index.js:6817 installHooks writes Claude Code hooks into ~/.claude/settings.local.json for indelible-mcp commands.
- src/index.js:7901 and 7912 wizard can run npm install -g @anthropic-ai/claude-code and claude mcp add after user runs the CLI.
- src/index.js:2475 reads Claude project transcripts; save_session encrypts and commits them to BSV/Indelible endpoints after wallet setup.
- src/index.js:6045 and 6098 diary_chat uses a configured OpenAI API key to call api.openai.com.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Agent config mutation is via explicit CLI setup/install-hooks or interactive wizard, not npm install-time execution.
- WIF/private key is encrypted locally in ~/.indelible/config.json; source does not send raw WIF to remote endpoints.
- Network calls are aligned with documented blockchain memory, bridge, API, diary, and user-supplied x402 features.
Source & flagged code
2 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
src/index.jsView on unpkg · L17A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/index.jsView on unpkg · L17