AI Security Review
scanned 12h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a Claude Code MCP client that can register itself and install persistent Claude hooks. These mutations occur when a user explicitly runs its setup flow, not during npm installation.
Decision evidence
public snapshot- `src/index.js` has no npm lifecycle hook, but its CLI `setup` installs Claude hooks.
- `installHooks()` writes `~/.claude/settings.local.json` with PreCompact, SessionStart, and PreToolUse commands.
- Interactive wizard invokes `claude mcp add --scope user indelible -- indelible-mcp`.
- Interactive wizard can run `npm install -g @anthropic-ai/claude-code` after the user starts it.
- Hook commands can save/restore context and inject a stored AI style at session start.
- `package.json` contains no preinstall, install, or postinstall script.
- The Claude configuration mutation is reached only through explicit CLI setup/wizard paths.
- No source evidence of silent install-time execution, remote code loading, or credential exfiltration.
- Wallet key material is encrypted locally and network calls are feature-aligned blockchain/API operations.
Source & flagged code
3 flagged · loading sourceSource appears to send environment or credential material to an external endpoint.
src/index.jsView on unpkg · L17A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
src/index.jsView on unpkg · L17Package source references dynamic require/import behavior.
src/index.jsView on unpkg · L111