AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall automatically modifies the user's Claude Code control configuration. It adds package-provided session and tool-event hooks without an explicit setup command.
Decision evidence
public snapshot- package.json defines postinstall.
- scripts/postinstall.js creates ~/.superlocalmemory and runs pip.
- scripts/postinstall.js unconditionally invokes `slm hooks install`.
- src/superlocalmemory/hooks/claude_code_hooks.py targets ~/.claude/settings.json and writes hook commands.
- Installed hooks run `slm hook` on Claude Code session/tool events.
- preuninstall.js only reports preserved data; it does not delete it.
- Reviewed lifecycle source shows no credential collection or exfiltration endpoint.
- Embedded local MCP proxy uses 127.0.0.1 only.
Source & flagged code
8 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references a known benign dynamic code generation pattern.
src/superlocalmemory/ui/vendor/d3.v7.min.jsView on unpkg · L1Package source references dynamic require/import behavior.
ide/hooks/memory-profile-skill.jsView on unpkg · L6Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/postinstall.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
ide/completions/slm.zshView on unpkgPackage ships high-entropy non-source blobs.
src/superlocalmemory/ui/vendor/bootstrap-icons/fonts/bootstrap-icons.woff2View on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
ide/integrations/llamaindex/tests/test_security.pyView on unpkg