AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Explicit `init` fetches mutable remote framework content, writes an agent extension into the current project, and enables its configured hooks. No install-time execution or confirmed data-exfiltration chain is present.
Decision evidence
public snapshot- cli/init.js downloads an unpinned GitHub main-branch tarball with curl.
- cli/init.js extracts that tarball and copies template/.claude into the current project.
- template/.claude/settings.json registers automatic Claude Code command hooks.
- template/.claude/hooks/stop-gate.mjs can shell-execute project-configured stopGate commands.
- package.json has no preinstall, install, postinstall, or prepare lifecycle hook.
- Network retrieval occurs only after the user explicitly runs the init CLI.
- No source evidence of credential harvesting, exfiltration, stealth, or foreign control-surface writes.
- Default template/.claude/harness.json sets stopGate to an empty array.
- Guard hooks deny common secret-file access and recursive deletion.
Source & flagged code
2 flagged · loading sourcePackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
template/.claude/tooling/codebase_search.pyView on unpkgPackage ships non-JavaScript build or shell helper files.
template/.claude/tooling/codebase_search.pyView on unpkg