AI Security Review
scanned 15d ago · by lpm-firewall-aiNo concrete malicious exfiltration or install-time payload was confirmed, but the package ships obfuscated executables and can mutate Claude agent hooks/settings during product setup. The unresolved risk is AI-agent control-surface modification plus credential/profile switching that is broadly package-aligned but high impact.
Decision evidence
public snapshot- bin/power-claude-cli.js, bin/power-claude-proxy.js, and bin/power-claude-rotator.js are heavily obfuscated one-line bundles.
- scripts/lib/first-run-setup.sh can copy hooks and register a Stop hook into ~/.claude/settings.json by default when CLI setup runs.
- scripts/hooks/rate-limit/debug-mode-init.sh injects instructions telling Claude to spawn a background subagent when debug mode is enabled.
- scripts/hooks/rate-limit/handler.sh can replace ~/.claude/.credentials.json with selected profile credentials for account rotation.
- bin/power-claude-proxy.js implements a local proxy and reads/writes ~/.power-claude and ~/.claude state.
- package.json declares postinstall bash scripts/release/merge-drivers/register.sh, but that file is absent in the package.
- No confirmed credential exfiltration endpoint found; Anthropic calls are aligned with Claude account rotation.
- External endpoints in package metadata/settings are neural-llm.com/api.neural-llm.com for license/update/telemetry and api.anthropic.com for Claude API use.
- package.json documents prompts/commands for hook installation and says activation prompts are dismissible before modifying ~/.claude.
- scripts/lib/first-run-setup.sh supports --no-hooks and describes hook registration as CLI/first-run setup behavior.
- out/uninstall-hook.js only runs bundled emergency/uninstall.sh with --keep-ext on VS Code uninstall.
- Destructive rm -rf behavior appears limited to user-invoked emergency/uninstall cleanup paths.
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
bin/power-claude-rotator.jsView on unpkg · L1Package source references dynamic require/import behavior.
bin/power-claude-rotator.jsView on unpkg · L1Package ships native binary artifacts.
data/vendor/jq/jq-darwin-amd64View on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/emergency/uninstall.shView on unpkgPackage contains source files above the static scanner size ceiling.
bin/power-claude-cli.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
bin/power-claude-cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
bin/power-claude-proxy.jsView on unpkg