registry  /  usrcp-claude-code  /  0.2.0

usrcp-claude-code@0.2.0

USRCP capture adapter for Claude Code CLI - tails ~/.claude/projects/<dir>/*.jsonl session transcripts into usrcp-stream

AI Security Review

scanned 3d ago · by lpm-firewall-ai

Unable to establish source-grounded attack surface because package files were not inspected.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
I cannot provide a valid verdict without source inspection. This result should be retried in an environment where read-only file inspection commands can be run.

Decision evidence

public snapshot
AI called this Manual Review at 10.0% confidence as Unknown with high false-positive risk.
Evidence for warning
  • Inspection could not be performed in this read-only session before finalization.
Evidence against
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystem
    Supply chainNo supply-chain packaging signals triggered.
    ManifestNo manifest risk signals triggered.
    scanned 4 file(s), 22.6 KB of source

    Source & flagged code

    2 flagged · loading source
    package.jsonView file
    scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
    Critical
    Red Install Lifecycle Script

    Install-time lifecycle script matches a deterministic static-gate block pattern.

    package.jsonView on unpkg
    scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg

    Findings

    1 Critical1 High1 Medium2 Low
    CriticalRed Install Lifecycle Scriptpackage.json
    HighInstall Time Lifecycle Scriptspackage.json
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem