registry  /  usrcp-claude-code  /  0.2.2

usrcp-claude-code@0.2.2

USRCP capture adapter for Claude Code CLI - tails ~/.claude/projects/<dir>/*.jsonl session transcripts into usrcp-stream

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious install or import-time attack surface. Runtime CLI can capture Claude Code conversation text from explicitly allowlisted project transcript files into the package's USRCP stream store.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm postinstall for native rebuild; user-invoked usrcp-claude-code CLI for capture
Impact
Captures conversational text for configured projects; no unconsented lifecycle agent-control mutation or exfil endpoint seen in package source.
Mechanism
allowlisted Claude Code JSONL tailer and stream capture adapter
Rationale
The scanner's lifecycle warning is explained by a native better-sqlite3 rebuild, while the AI-adjacent file access is user-invoked and gated by an empty-by-default allowlist. I found no install-time control-surface writes, persistence, credential harvesting, destructive behavior, or hardcoded exfiltration endpoint in the package source.
Evidence
package.jsondist/index.jsdist/config.jsdist/watcher.jsdist/capture.jsREADME.mdnode_modules/better-sqlite3/buildnode_modules/usrcp-core/node_modules/better-sqlite3/buildnode_modules/usrcp-stream/node_modules/better-sqlite3/build~/.usrcp/claude-code-config.json~/.claude/projects/<encoded-cwd>/*.jsonl

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • The package tails Claude Code JSONL transcripts from allowlisted projects and writes conversational content to usrcp-stream on user-run CLI.
  • It reads ~/.claude/projects and stores offsets in ~/.usrcp/claude-code-config.json.
Evidence against
  • package.json postinstall only deletes better-sqlite3 build directories under node_modules and runs npm rebuild better-sqlite3.
  • dist/index.js exits unless ~/.usrcp/claude-code-config.json has allowlisted_projects; default config is empty/no-op.
  • No install-time writes to CLAUDE.md, .mcp.json, .claude commands, shell startup files, hooks, or other agent control surfaces.
  • No hardcoded external URLs/endpoints found in inspected package source; streaming is delegated to package dependency usrcp-stream.
  • child_process execSync is only behind explicit --reset-config and runs usrcp setup --adapter=claude-code.
  • capture.js maps only user/assistant text turns and skips tool_use/tool_result blocks.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 22.6 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 Critical1 High1 Medium2 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem