AI Security Review
scanned 13h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit CLI setup installs persistent Claude Code hooks into the user's settings. Those hooks invoke this package during Claude lifecycle events and use package-managed wallet/context data.
Decision evidence
public snapshot- `src/index.js` setup invokes `installHooks()`.
- `installHooks()` writes `~/.claude/settings.local.json`.
- It adds PreCompact, SessionStart, and PreToolUse command hooks.
- Hooks invoke `indelible-mcp` and can save/restore context.
- Runtime sends encrypted blockchain data to configured SPV bridges.
- `package.json` has no preinstall/install/postinstall lifecycle hook.
- Claude configuration mutation requires explicit `setup` or `install-hooks` CLI use.
- No source evidence of arbitrary env/file harvesting or secret exfiltration.
- WIF is read from local config/keychain and used for local signing/encryption.
- Network calls are aligned with documented BSV bridge, health, and API operations.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
src/index.jsView on unpkg · L17A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/index.jsView on unpkg · L17Package source references dynamic require/import behavior.
src/index.jsView on unpkg · L111