registry  /  power-claude  /  3.0.52

power-claude@3.0.52

AI Security Review

scanned 14d ago · by lpm-firewall-ai

The package is a highly privileged Claude Code/VS Code integration that can mutate Claude settings, hooks, extension files, and active Claude OAuth credentials. Obfuscation plus a broken/missing postinstall target leaves unresolved supply-chain risk, but source inspection did not confirm exfiltration or a working install-time attack.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
npm install postinstall, VS Code extension activation, or user-invoked power-claude CLI/scripts
Impact
Can alter Claude control surfaces and switch ~/.claude credentials; unresolved risk due to obfuscated executables and missing lifecycle script target.
Mechanism
obfuscated local proxy and Claude credential/hook rotation tooling
Attack narrative
On install, npm would attempt to run a postinstall registration script that is not present in the extracted package. At runtime, the extension/CLI provides a local proxy and hook system that reads and rewrites Claude OAuth credential files and patches Claude Code/VS Code integration points. These behaviors are package-aligned but highly privileged; the heavy obfuscation prevents full source confidence.
Rationale
Static inspection confirms dangerous privileged behavior and obfuscated executables, but not a concrete credential-exfiltration endpoint or functioning install-time malicious payload. Treat as unresolved high-risk/suspicious rather than confirmed malicious.
Evidence
package.jsonbin/power-claude-cli.jsbin/power-claude-proxy.jsbin/power-claude-rotator.jsscripts/hooks/rate-limit/handler.shscripts/lib/link-account.shscripts/emergency/uninstall.shout/uninstall-hook.js~/.claude/.credentials.json~/.claude/settings.json~/.claude/hooks/~/.claude/state/~/.power-claude/VS Code extension dirs matching anthropic.claude-code-*
Network endpoints4
api.anthropic.com/api/oauth/profileneural-llm.com127.0.0.1:*localhost:*

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/power-claude-cli.js, bin/power-claude-proxy.js, and bin/power-claude-rotator.js are heavily obfuscated bundled executables.
  • package.json declares postinstall "bash scripts/release/merge-drivers/register.sh", but that file is absent from the extracted package.
  • scripts/hooks/rate-limit/handler.sh copies selected profiles into ~/.claude/.credentials.json to rotate Claude credentials.
  • scripts/lib/link-account.sh reads OAuth tokens from ~/.claude/.credentials.json and calls https://api.anthropic.com/api/oauth/profile.
  • Multiple scripts patch Claude Code/VS Code extension files and ~/.claude/settings.json hooks.
Evidence against
  • No confirmed install-time payload was readable because the declared postinstall target is missing from the package.
  • Credential handling and local proxying align with the package's stated Claude account-rotation purpose.
  • Network evidence is primarily local proxy endpoints, api.anthropic.com, and the vendor site neural-llm.com.
  • No direct evidence found of sending Claude tokens to an unrelated third-party host.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 5 file(s), 1.47 MB of source, external domains: neural-llm.com
Oversized source lightweight scan
bin/power-claude-cli.js2.18 MB file, sampled 256 KB
FilesystemChildProcessDynamicRequireObfuscatedHighEntropyStringsMinified
out/extension.js4.83 MB file, sampled 256 KB
FilesystemDynamicRequireObfuscatedHighEntropyStringsMinified

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.postinstall = bash scripts/release/merge-drivers/register.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = bash scripts/release/merge-drivers/register.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/power-claude-rotator.jsView file
1#!/usr/bin/env node L2: 'use strict';const _0x2226e4=_0x200e;(function(_0x26915e,_0x3715c3){const _0x15a5d8=_0x200e,_0x5b622d=_0x26915e();while(!![]){try{const _0x389e7d=parseInt(_0x15a5d8(0x3b7,'IKne'))/...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/power-claude-rotator.jsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const _0x2226e4=_0x200e;(function(_0x26915e,_0x3715c3){const _0x15a5d8=_0x200e,_0x5b622d=_0x26915e();while(!![]){try{const _0x389e7d=parseInt(_0x15a5d8(0x3b7,'IKne'))/...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/power-claude-rotator.jsView on unpkg · L1
data/vendor/jq/jq-darwin-amd64View file
path = data/vendor/jq/jq-darwin-amd64 kind = native_binary sizeBytes = 851328 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

data/vendor/jq/jq-darwin-amd64View on unpkg
scripts/emergency/uninstall.shView file
path = scripts/emergency/uninstall.sh kind = build_helper sizeBytes = 17101 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/emergency/uninstall.shView on unpkg
bin/power-claude-cli.jsView file
path = bin/power-claude-cli.js kind = oversized_source_file sizeBytes = 2290163 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

bin/power-claude-cli.jsView on unpkg
path = bin/power-claude-cli.js kind = oversized_cli_entrypoint sizeBytes = 2290163 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

bin/power-claude-cli.jsView on unpkg
bin/power-claude-proxy.jsView file
matchType = previous_version_dangerous_delta matchedPackage = power-claude@3.0.49 matchedIdentity = npm:cG93ZXItY2xhdWRl:3.0.49 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/power-claude-proxy.jsView on unpkg

Findings

1 Critical4 High7 Medium5 Low
CriticalPrevious Version Dangerous Deltabin/power-claude-proxy.js
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderbin/power-claude-rotator.js
HighObfuscated
HighOversized Source Filebin/power-claude-cli.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/power-claude-rotator.js
MediumNetwork
MediumShips Native Binarydata/vendor/jq/jq-darwin-amd64
MediumShips Build Helperscripts/emergency/uninstall.sh
MediumOversized Cli Entrypointbin/power-claude-cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License