AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. The real risk is an explicit Claude Code extension lifecycle tool that can alter user and per-provider agent configuration when invoked.
Decision evidence
public snapshot- Explicit `sidewrite install` stages `~/.sidewrite-app`, symlinks CLIs, and runs `claude plugin marketplace add` plus `plugin install` in `plugin/scripts/cli.cjs`.
- `bin/sidewrite` user-invoked `code` path writes per-provider Claude config under `~/.claude-<provider>` and registers MCP tools.
- `sidewrite statusline install` writes `~/.claude/settings.json` in `plugin/scripts/cli.cjs`.
- Opt-in network egress exists for telemetry and remote config endpoints.
- `package.json` postinstall only runs `bootstrap.cjs preflight || exit 0`.
- `plugin/scripts/bootstrap.cjs` preflight checks environment and prints fixes; it does not install or write Claude config during postinstall.
- Claude Code install/remediation in `bootstrap.cjs` and `doctor.cjs` is consent-gated or explicit user-command only.
- Telemetry defaults to off and scrub/enqueue happens before flush in `viewer-daemon.cjs` and `telemetry-reporter.cjs`.
- Provider credentials are stored locally under `~/.claude-providers` with 0600 writes; no credential exfiltration found.
- Remote config is disabled by default and rejects non-HTTPS/api.anthropic.com URLs.
Source & flagged code
12 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
plugin/scripts/error-scrub.cjsView on unpkg · L285Supabase service role key (JWT) in plugin/scripts/error-scrub.cjs
plugin/scripts/error-scrub.cjsView on unpkg · L285Package source references child process execution.
plugin/scripts/onboarding.cjsView on unpkg · L31Package source references dynamic require/import behavior.
plugin/scripts/commands.cjsView on unpkg · L17Package source references weak cryptographic algorithms.
plugin/scripts/pool-compact.cjsView on unpkg · L26A single source file combines environment access, network access, and code or shell execution; review context before blocking.
plugin/scripts/updater.cjsView on unpkg · L33Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
plugin/scripts/process-manager.cjsView on unpkg · L178Source downloads or fetches remote code and executes it.
plugin/scripts/doctor.cjsView on unpkg · L30Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
plugin/scripts/doctor.cjsView on unpkg · L30This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
plugin/scripts/viewer-daemon.cjsView on unpkg