AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Sidewrite is a Claude Code extension/runner with package-owned commands, hooks, a local dashboard daemon, and external-provider execution. The risk is guarded agent extension lifecycle setup rather than confirmed malicious behavior.
Decision evidence
public snapshot- plugin/.claude-plugin/plugin.json declares a Claude Code plugin with commands/skills/hooks.
- plugin/scripts/cli.cjs install stages ~/.sidewrite-app, runs claude plugin marketplace add/install --scope user, symlinks CLIs, and starts a daemon.
- plugin/hooks/hooks.json runs package scripts on Claude SessionStart/SessionEnd after plugin activation.
- bin/ccx launches claude with provider-supplied ANTHROPIC_BASE_URL/AUTH_TOKEN and CLAUDE_CONFIG_DIR under ~/.claude-<provider>.
- plugin/scripts/process-manager.cjs can spawn a detached localhost viewer daemon.
- package.json postinstall only runs bootstrap.cjs preflight and exits 0; inspected bootstrap main prints checks and does not install or mutate Claude config.
- Claude CLI install paths in bootstrap.cjs and doctor.cjs are consent-gated prompts, not silent lifecycle execution.
- Plugin registration is in explicit sidewrite install CLI, not npm install/import-time execution.
- ccx scrubs inherited environment with env -i and refuses api.anthropic.com provider URLs.
- Remote config and telemetry code are default-off/opt-in or notify-only; no confirmed credential harvesting/exfiltration found.
- error-scrub.cjs contains secret regexes/test literals for redaction, not embedded live secrets.
Source & flagged code
10 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
plugin/scripts/error-scrub.cjsView on unpkg · L285Supabase service role key (JWT) in plugin/scripts/error-scrub.cjs
plugin/scripts/error-scrub.cjsView on unpkg · L285Package source references child process execution.
plugin/scripts/onboarding.cjsView on unpkg · L31Package source references dynamic require/import behavior.
plugin/scripts/commands.cjsView on unpkg · L17A single source file combines environment access, network access, and code or shell execution; review context before blocking.
plugin/scripts/updater.cjsView on unpkg · L33Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
plugin/scripts/process-manager.cjsView on unpkg · L154Source downloads or fetches remote code and executes it.
plugin/scripts/doctor.cjsView on unpkg · L30Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
plugin/scripts/doctor.cjsView on unpkg · L30