registry  /  power-claude  /  3.0.88

power-claude@3.0.88

Spend less, run faster, never stall on Claude Code — save $115+/mo vs Max. Local orchestration via official CLI transport; auto-resume, Token Saver, multi-account continuity. Free to start.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The runtime can manage Claude Code credentials and hook configuration after extension/CLI use. The package's npm postinstall does not perform those actions because its referenced scripts are absent.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
VS Code startup, explicit `pc install`, or explicit rotation enablement
Impact
Can alter the active Claude Code credential and install lifecycle hooks; no confirmed credential exfiltration or install-time foreign control-surface mutation.
Mechanism
Local Claude credential rotation, hook setup, local proxying, and optional telemetry
Rationale
No concrete malicious install-time behavior or credential-exfiltration chain was confirmed. Warn because the obfuscated runtime manages a foreign Claude Code credential and hook surface, and a packaged opaque blob remains unresolved.
Evidence
package.jsonbin/power-claude-cli.jsbin/power-claude-proxy.jsbin/power-claude-rotator.jsout/extension.jsmedia/walkthrough/install.mdout/uninstall-hook.jsdata/runtime/engine.encdata/vendor/jq/manifest.json~/.claude/.credentials.json~/.power-claude/
Network endpoints4
api.anthropic.comapi.anthropic.com/api/oauth/profileapi.neural-llm.com/telemetryneural-llm.com/api/v1/power-claude/manifest.json

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/power-claude-*.js` and `out/extension.js` are heavily obfuscated, limiting auditability.
  • `out/extension.js` documents atomic writes to `~/.claude/.credentials.json` to rotate active accounts.
  • `out/extension.js` recognizes and manages Claude Code hook events including `PreToolUse` and `PostToolUse`.
  • `package.json` activates the extension on `onStartupFinished`; it also enables telemetry by default.
  • `data/runtime/engine.enc` is an opaque high-entropy runtime blob with no readable source explanation.
Evidence against
  • `package.json` postinstall only invokes two absent `scripts/...` paths, so the published package's install hook is a no-op.
  • `media/walkthrough/install.md` says hooks are created by explicit `pc install`, not npm installation.
  • `media/walkthrough/auto-rotation-engine.md` requires `pc rotation engine enable --i-understand` for automatic rotation.
  • The declared remote services are package-aligned: Anthropic OAuth/API and Power Claude telemetry/manifest hosts.
  • Vendored native files are documented jq 1.7.1 binaries with per-platform SHA-256 values in `data/vendor/jq/manifest.json`.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 4 file(s), 1.72 MB of source, external domains: api.anthropic.com, neural-llm.com
Oversized source lightweight scan
bin/power-claude-cli.js3.06 MB file, sampled 256 KB
FilesystemDynamicRequireObfuscatedHighEntropyStringsMinified
out/extension.js6.34 MB file, sampled 256 KB
FilesystemDynamicRequireObfuscatedMinified

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "const{existsSync}=require('fs');const{spawnSync}=require('child_process');const steps=['scripts/release/merge-drivers/register.sh','scripts/release/install-bypass-guard.sh...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "const{existsSync}=require('fs');const{spawnSync}=require('child_process');const steps=['scripts/release/merge-drivers/register.sh','scripts/release/install-bypass-guard.sh...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/power-claude-rotator.jsView file
matchType = previous_version_dangerous_delta matchedPackage = power-claude@3.0.82 matchedIdentity = npm:cG93ZXItY2xhdWRl:3.0.82 similarity = 1.000 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/power-claude-rotator.jsView on unpkg
1#!/usr/bin/env node L2: 'use strict';const _0x532a45=_0x10f4;(function(_0x25c600,_0x14e66e){const _0xfe956c=_0x10f4,_0x5006ba=_0x25c600();while(!![]){try{const _0x49675d=-parseInt(_0xfe956c(0x2a0,'Vpp0'))...
High
Child Process

Package source references child process execution.

bin/power-claude-rotator.jsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const _0x532a45=_0x10f4;(function(_0x25c600,_0x14e66e){const _0xfe956c=_0x10f4,_0x5006ba=_0x25c600();while(!![]){try{const _0x49675d=-parseInt(_0xfe956c(0x2a0,'Vpp0'))...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/power-claude-rotator.jsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const _0x532a45=_0x10f4;(function(_0x25c600,_0x14e66e){const _0xfe956c=_0x10f4,_0x5006ba=_0x25c600();while(!![]){try{const _0x49675d=-parseInt(_0xfe956c(0x2a0,'Vpp0'))...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/power-claude-rotator.jsView on unpkg · L1
bin/power-claude-proxy.jsView file
1#!/usr/bin/env node L2: 'use strict';const _0x449b46=_0x223c;(function(_0x11d85f,_0x561a1d){const _0x1f2ad1=_0x223c,_0x523636=_0x11d85f();while(!![]){try{const _0x160ab9=-parseInt(_0x1f2ad1(0x1edf,'g3Tc')...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/power-claude-proxy.jsView on unpkg · L1
data/vendor/jq/jq-darwin-amd64View file
path = data/vendor/jq/jq-darwin-amd64 kind = native_binary sizeBytes = 851328 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

data/vendor/jq/jq-darwin-amd64View on unpkg
data/runtime/engine.encView file
path = data/runtime/engine.enc kind = high_entropy_blob sizeBytes = 487624 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

data/runtime/engine.encView on unpkg
bin/power-claude-cli.jsView file
path = bin/power-claude-cli.js kind = oversized_source_file sizeBytes = 3207700 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

bin/power-claude-cli.jsView on unpkg
path = bin/power-claude-cli.js kind = oversized_cli_entrypoint sizeBytes = 3207700 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

bin/power-claude-cli.jsView on unpkg

Findings

2 Critical7 High5 Medium6 Low
CriticalRed Install Lifecycle Scriptpackage.json
CriticalPrevious Version Dangerous Deltabin/power-claude-rotator.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/power-claude-rotator.js
HighCommand Output Exfiltrationbin/power-claude-proxy.js
HighObfuscated Payload Loaderbin/power-claude-rotator.js
HighObfuscated
HighShips High Entropy Blobdata/runtime/engine.enc
HighOversized Source Filebin/power-claude-cli.js
MediumDynamic Requirebin/power-claude-rotator.js
MediumNetwork
MediumShips Native Binarydata/vendor/jq/jq-darwin-amd64
MediumOversized Cli Entrypointbin/power-claude-cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License