AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package installs a first-party Claude plugin/MCP server and prompt hook when enabled by the host platform. Its daemon proxies local LLM traffic, persists payloads locally by default, and can optionally export usage telemetry to a configured OTLP endpoint. No install-time foreign control-surface mutation or confirmed exfiltration is established.
Decision evidence
public snapshot- `.claude-plugin/plugin.json` registers an MCP server that executes `lib/mcp-server.mjs`.
- `hooks/hooks.json` registers `UserPromptSubmit`; `hooks/ttm-task-guard.mjs` automatically adds task-label guidance and writes session markers.
- `lib/mcp-server.mjs` starts a detached local daemon during MCP initialization.
- `lib/link.mjs` and `lib/tui-config.mjs` can rewrite Claude Code, Codex, and OpenCode base-URL settings after explicit `ttm link`.
- `lib/daemon.mjs` proxies LLM requests and, by default, stores request/response payload content locally.
- `lib/otel-export.mjs` supports outbound OTLP export only when the user configures an endpoint.
- `package.json` has no preinstall, install, or postinstall hook; only `prepublishOnly` runs tests.
- `lib/daemon.mjs` binds the proxy exclusively to `127.0.0.1`.
- No source-observed credential harvesting, remote code loading, eval/vm use, or arbitrary shell execution.
- The only child processes are the package daemon, local dashboard opener, and fixed `git` context queries.
- Payload persistence excludes request headers; comments and construction show API keys are not written to payload files.
- External configuration rewrites occur through explicit `ttm link`/`ttm unlink`, not package installation.
Source & flagged code
1 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/ttm.mjsView on unpkg