AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package has high-risk functionality because it manages Claude credentials, installs hooks, runs local proxy/CLI code, and ships obfuscated bundles.
Decision evidence
public snapshot- bin/*.js are heavily obfuscated bundled executables
- package.json defines postinstall: bash scripts/release/merge-drivers/register.sh, but that file is absent from package files
- bin/power-claude-proxy.js handles ~/.claude credentials and proxies Claude/Anthropic traffic
- scripts/lib/first-run-setup.sh can register Stop hooks in ~/.claude/settings.json
- No install-time payload source was present; postinstall target is missing rather than readable malicious code
- Hook registration is package-aligned and performed by first-run/CLI setup, not confirmed during import
- Network endpoints found are aligned with license/telemetry/update checks and Claude API proxying
- Scripts primarily copy package files into ~/.power-claude and manage rate-limit/account rotation state
- No confirmed credential exfiltration to non-product endpoints found in inspected source
Source & flagged code
9 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
bin/power-claude-rotator.jsView on unpkg · L1Package source references dynamic require/import behavior.
bin/power-claude-rotator.jsView on unpkg · L1Package ships native binary artifacts.
data/vendor/jq/jq-darwin-amd64View on unpkgPackage ships non-JavaScript build or shell helper files.
scripts/emergency/uninstall.shView on unpkgPackage contains source files above the static scanner size ceiling.
bin/power-claude-cli.jsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
bin/power-claude-cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/power-claude-proxy.jsView on unpkg