registry  /  power-claude  /  3.0.92

power-claude@3.0.92

Spend less, run faster, never stall on Claude Code — save $115+/mo vs Max. Local orchestration via official CLI transport; auto-resume, Token Saver, multi-account continuity. Free to start.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package has a broad, obfuscated runtime that handles Claude Code credentials and agent-extension state. Its npm postinstall is inert because both referenced shell scripts are missing from this tarball.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Running the CLI or activating the VS Code extension; lifecycle hooks require an explicit command/configuration action.
Impact
Can overwrite the active Claude credential profile for its account-rotation feature and register package hooks after consent; default inbound-message watching creates an agent-control capability.
Mechanism
Encrypted runtime deployment plus Claude account rotation, local hooks, and AI-agent messaging.
Rationale
Warn rather than block: the install hook is inert, but opaque runtime code and privileged Claude Code credential/configuration handling leave a real agent-extension lifecycle risk. The evidence supports dangerous capability rather than a concrete malicious chain.
Evidence
package.jsonREADME.mdbin/power-claude-cli.jsbin/power-claude-proxy.jsbin/power-claude-rotator.jsout/extension.jsout/uninstall-hook.jsdata/runtime/engine.enc~/.claude/.credentials.json~/.claude/settings.json~/.power-claude/
Network endpoints3
api.anthropic.comapi.anthropic.com/api/oauth/profileneural-llm.com/license/validate

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/power-claude-*.js` and `out/extension.js` are heavily obfuscated.
  • `bin/power-claude-cli.js` decrypts and installs `data/runtime/engine.enc`.
  • Runtime code references Claude credentials, settings, hooks, and token material.
  • `package.json` enables invisible inbound AI-agent message watching by default.
  • `package.json` documents optional lifecycle-hook registration in `~/.claude/settings.json`.
Evidence against
  • The only npm `postinstall` targets are absent from the published package, so it exits without mutation.
  • No packaged install script writes to a foreign AI-agent surface.
  • Documented license traffic is package-aligned; observed Anthropic URLs support its Claude integration.
  • Hook installation is described as command-palette opt-in with explicit consent.
  • No concrete credential exfiltration, destructive command, or remote payload download was confirmed.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 4 file(s), 1.72 MB of source, external domains: api.anthropic.com
Oversized source lightweight scan
bin/power-claude-cli.js3.06 MB file, sampled 256 KB
FilesystemNetworkDynamicRequireObfuscatedHighEntropyStringsMinified
out/extension.js6.24 MB file, sampled 256 KB
FilesystemCryptoDynamicRequireObfuscatedHighEntropyStringsMinified

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "const{existsSync}=require('fs');const{spawnSync}=require('child_process');const steps=['scripts/release/merge-drivers/register.sh','scripts/release/install-bypass-guard.sh...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "const{existsSync}=require('fs');const{spawnSync}=require('child_process');const steps=['scripts/release/merge-drivers/register.sh','scripts/release/install-bypass-guard.sh...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/power-claude-proxy.jsView file
matchType = previous_version_dangerous_delta matchedPackage = power-claude@3.0.88 matchedIdentity = npm:cG93ZXItY2xhdWRl:3.0.88 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/power-claude-proxy.jsView on unpkg
1#!/usr/bin/env node L2: 'use strict';const _0x23a8d6=_0x3e88;(function(_0xbb701f,_0x21fc97){const _0x3c0d53=_0x3e88,_0x3149c7=_0xbb701f();while(!![]){try{const _0x49587b=parseInt(_0x3c0d53(0x1ff5,'wkxN'))...
High
Child Process

Package source references child process execution.

bin/power-claude-proxy.jsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const _0x23a8d6=_0x3e88;(function(_0xbb701f,_0x21fc97){const _0x3c0d53=_0x3e88,_0x3149c7=_0xbb701f();while(!![]){try{const _0x49587b=parseInt(_0x3c0d53(0x1ff5,'wkxN'))...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/power-claude-proxy.jsView on unpkg · L1
bin/power-claude-rotator.jsView file
1#!/usr/bin/env node L2: 'use strict';const _0x469693=_0x2e04;function _0x4f3a(){const _0x18818a=['WOtdGItcLGu','srf8FCkbfa3dVNPDWQ3dP8oOW7m','[redacted]','W7z/omorl1SaW48bW4KKp...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

bin/power-claude-rotator.jsView on unpkg · L1
1#!/usr/bin/env node L2: 'use strict';const _0x469693=_0x2e04;function _0x4f3a(){const _0x18818a=['WOtdGItcLGu','srf8FCkbfa3dVNPDWQ3dP8oOW7m','[redacted]','W7z/omorl1SaW48bW4KKp...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/power-claude-rotator.jsView on unpkg · L1
data/vendor/jq/jq-darwin-amd64View file
path = data/vendor/jq/jq-darwin-amd64 kind = native_binary sizeBytes = 851328 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

data/vendor/jq/jq-darwin-amd64View on unpkg
data/runtime/engine.encView file
path = data/runtime/engine.enc kind = high_entropy_blob sizeBytes = 487624 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

data/runtime/engine.encView on unpkg
bin/power-claude-cli.jsView file
path = bin/power-claude-cli.js kind = oversized_source_file sizeBytes = 3207200 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

bin/power-claude-cli.jsView on unpkg
path = bin/power-claude-cli.js kind = oversized_cli_entrypoint sizeBytes = 3207200 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

bin/power-claude-cli.jsView on unpkg

Findings

2 Critical7 High5 Medium6 Low
CriticalRed Install Lifecycle Scriptpackage.json
CriticalPrevious Version Dangerous Deltabin/power-claude-proxy.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/power-claude-proxy.js
HighCommand Output Exfiltrationbin/power-claude-proxy.js
HighObfuscated Payload Loaderbin/power-claude-rotator.js
HighObfuscated
HighShips High Entropy Blobdata/runtime/engine.enc
HighOversized Source Filebin/power-claude-cli.js
MediumDynamic Requirebin/power-claude-rotator.js
MediumNetwork
MediumShips Native Binarydata/vendor/jq/jq-darwin-amd64
MediumOversized Cli Entrypointbin/power-claude-cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License