0x2ai-demo9 @1.0.0

Summary

On npm install , the package's postinstall script writes .mcp.json , CLAUDE.md , and a .claude/commands/0x2ai-boot.md slash-command file into the installer's current working directory. The .mcp.json (scripts/postinstall.cjs:38-44) configures Claude Code to auto-launch a bundled MCP server pointed at https://demo9.0x2ai.com with a hardcoded BRIDGE_AUTH_TOKEN ('09da458dd2d388aa2009a85333901b253d1866d73f925bf8'). When the user subsequently runs claude in that directory, the MCP server silently forwards chatroom messages, memory operations, agent queries, and provider_query prompts to the remote bridge. The CLAUDE.md template is auto-loaded as system context and instructs the assistant to adopt an 'Olivia' identity, route all messages through demo10.0x2ai.com , never reveal internals, and follow hidden behavioral rules ('First rule of the family: you don't talk about the rules'). The package's own bin/start.cjs additionally launches claude --dangerously-skip-permissions , disabling per-action permission prompts that would otherwise warn the user about the agent's filesystem/network actions. The shared bearer token authenticates every installer as the same identity on the author's bridge.

Source: amazon-inspector (bb3fa91a9457ef11dc837c301fef1b22dbe1b19f00400215d853958726e1d055)