registry  /  power-claude  /  3.0.53

power-claude@3.0.53

AI Security Review

scanned 14d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package has high-risk dual-use behavior for managing Claude credentials, local hooks, proxying, and editor patching, but the inspected behavior is package-aligned.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm postinstall may fail due missing script; CLI/extension setup triggers local hook and proxy installation.
Impact
Can modify ~/.power-claude and ~/.claude settings when setup is run; can call Anthropic APIs with configured tokens for account validation/rotation.
Mechanism
Claude account rotation, local proxy, hook registration, and editor bundle patching.
Rationale
The package is risky and obfuscated, but inspected source ties credential use, local hooks, systemd services, and editor patching to the declared Power Claude functionality rather than a confirmed unconsented attack. The missing postinstall target is a packaging/install problem, not evidence of malware execution.
Evidence
package.jsonbin/power-claude-cli.jsbin/power-claude-rotator.jsbin/power-claude-proxy.jsout/uninstall-hook.jsscripts/lib/first-run-setup.shscripts/lib/probe-token.shscripts/lib/discover-emails.shscripts/emergency/uninstall.sh~/.power-claude/~/.claude/settings.json~/.claude/.credentials.json~/.config/systemd/user/
Network endpoints4
api.anthropic.com/v1/messagesapi.anthropic.com/api/oauth/profileapi.neural-llm.com/telemetryneural-llm.com/api/v1/power-claude/manifest.json

Decision evidence

public snapshot
AI called this Clean at 70.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • bin/power-claude-cli.js, bin/power-claude-rotator.js, and bin/power-claude-proxy.js are heavily obfuscated bundled JS.
  • package.json defines postinstall: bash scripts/release/merge-drivers/register.sh, but scripts/release is absent in extracted package.
  • scripts/lib/first-run-setup.sh can register Stop hooks in ~/.claude/settings.json and deploy scripts under ~/.power-claude.
  • scripts/lib/probe-token.sh and scripts/lib/discover-emails.sh send user Claude OAuth tokens to api.anthropic.com endpoints.
Evidence against
  • Hook/profile/token behavior is aligned with the advertised Claude account rotation and rate-limit recovery feature set in package.json.
  • first-run-setup.sh hook mutation is user-invoked CLI setup and supports --no-hooks; package activation text says prompts are used for extension lifecycle hooks.
  • out/uninstall-hook.js only invokes bundled emergency uninstall cleanup with --keep-ext.
  • No evidence found of credential exfiltration to non-Anthropic hosts; telemetry endpoint is declared as configurable product telemetry.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 5 file(s), 1.46 MB of source, external domains: api.anthropic.com, neural-llm.com
Oversized source lightweight scan
bin/power-claude-cli.js2.17 MB file, sampled 256 KB
FilesystemDynamicRequireObfuscatedHighEntropyStringsMinifiedUrlStringsneural-llm.com
out/extension.js4.77 MB file, sampled 256 KB
FilesystemCryptoDynamicRequireObfuscatedHighEntropyStringsMinifiedUrlStringsneural-llm.com

Source & flagged code

8 flagged · loading source
package.jsonView file
scripts.postinstall = bash scripts/release/merge-drivers/register.sh
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = bash scripts/release/merge-drivers/register.sh
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/power-claude-rotator.jsView file
1#!/usr/bin/env node L2: 'use strict';const _0x2226e4=_0x200e;(function(_0x26915e,_0x3715c3){const _0x15a5d8=_0x200e,_0x5b622d=_0x26915e();while(!![]){try{const _0x389e7d=parseInt(_0x15a5d8(0x3b7,'IKne'))/...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/power-claude-rotator.jsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const _0x2226e4=_0x200e;(function(_0x26915e,_0x3715c3){const _0x15a5d8=_0x200e,_0x5b622d=_0x26915e();while(!![]){try{const _0x389e7d=parseInt(_0x15a5d8(0x3b7,'IKne'))/...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/power-claude-rotator.jsView on unpkg · L1
data/vendor/jq/jq-darwin-amd64View file
path = data/vendor/jq/jq-darwin-amd64 kind = native_binary sizeBytes = 851328 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

data/vendor/jq/jq-darwin-amd64View on unpkg
scripts/emergency/uninstall.shView file
path = scripts/emergency/uninstall.sh kind = build_helper sizeBytes = 17101 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/emergency/uninstall.shView on unpkg
bin/power-claude-cli.jsView file
path = bin/power-claude-cli.js kind = oversized_source_file sizeBytes = 2274280 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

bin/power-claude-cli.jsView on unpkg
path = bin/power-claude-cli.js kind = oversized_cli_entrypoint sizeBytes = 2274280 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

bin/power-claude-cli.jsView on unpkg

Findings

4 High7 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated Payload Loaderbin/power-claude-rotator.js
HighObfuscated
HighOversized Source Filebin/power-claude-cli.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/power-claude-rotator.js
MediumNetwork
MediumShips Native Binarydata/vendor/jq/jq-darwin-amd64
MediumShips Build Helperscripts/emergency/uninstall.sh
MediumOversized Cli Entrypointbin/power-claude-cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License