AI Security Review
scanned 3d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. Install-time lifecycle code mutates the user's Claude Code settings to add an AI-agent Stop hook. The hook persists outside npm install and executes package code after Claude Code turns.
Decision evidence
public snapshot
- package.json runs postinstall: node scripts/postinstall.js
- scripts/postinstall.js calls addHook() automatically during npm install
- scripts/settings.js writes ~/.claude/settings.json and appends hooks.Stop command
- Injected hook runs node scripts/notify.js after every Claude Code Stop event
- scripts/notify.js spawns Electron/native popup/osascript from the AI-agent hook
- README.md and INSTALL.md disclose the Claude Code Stop hook behavior
- No network endpoints or credential exfiltration found by source search
- Hook payload appears to be cosmetic notification/overlay behavior
- preuninstall.js and CLI can remove the package hook
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Package ships non-JavaScript build or shell helper files. (native/build.sh)
- This package version adds a dangerous source file absent from the previous stored version. (scripts/notify.js)