llm-safe-haven

mcp
Security Audit
Fail
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Fail
  • os.homedir — User home directory access in hooks/audit-logger.js
  • process.env — Environment variable access in hooks/audit-logger.js
  • fs module — File system access in hooks/audit-logger.js
  • rm -rf — Recursive force deletion command in hooks/bash-firewall.js
  • process.env — Environment variable access in hooks/bash-firewall.js
  • exec() — Shell command execution in hooks/config-guard.js
  • fs module — File system access in lib/agents/aider.js
Permissions Pass
  • Permissions — No dangerous permissions requested

No AI report is available for this listing yet.

SUMMARY

One-liner for AI solo developers to fasten the security bolts on their systems

README.md

LLM Safe Haven

Socket Badge
npm version
License: MIT

Harden your AI coding agent in 60 seconds.

npx llm-safe-haven

What It Does

Detects your installed agents, installs security hooks, and scores your setup:

LLM Safe Haven -- Security Scorecard

  Detected agents:
    + Claude Code    -- Level 3 (hooks + audit + sandbox)
    + Cursor         -- Level 1 (ignore files + advice)
    . Windsurf       -- not installed

  Security Level: 2 of 4
  +--------------------------------------+
  | ##########..........  Level 2: Guarded |
  +--------------------------------------+

Supported Agents

Agent Tier What It Configures
Claude Code Full Hooks (bash-firewall, secret-guard, config-guard, audit-logger), settings.json, sandbox, audit logging
Cursor Solid .cursorignore, workspace trust guidance
Windsurf Solid .codeiumignore, limitation warnings
Cline Solid .clineignore
Continue.dev Solid .continueignore
Aider Solid .aiderignore, .env warnings
Codex CLI Solid .codexignore, sandbox guidance

Commands

npx llm-safe-haven               # Install hooks and harden (default)
npx llm-safe-haven audit          # Check security posture
npx llm-safe-haven audit --json   # Machine-readable for CI
npx llm-safe-haven scan           # Find exposed .env files
npx llm-safe-haven scan --supply-chain  # Scan for Miasma/Shai-Hulud IOCs (macOS/Linux)
npx llm-safe-haven update         # Update hooks to latest
npx llm-safe-haven --dry-run      # Preview without changing anything

Security Levels

Level Name What It Means
0 Exposed No hardening
1 Basic Hooks installed
2 Guarded + Audit logging + no .env files
3 Hardened + Credential proxy + deny rules
4 Fortified + Container isolation + network restrictions

Go Deeper

Why This Exists

In April 2026, three AI coding agents leaked secrets through a single prompt injection.
We hit the same problems, filed issues, built solutions, and documented everything.

Key issues from our investigation:

Contributing

Add a new agent module: create lib/agents/your-agent.js implementing the standard
interface (detect, harden, audit). See lib/agents/cursor.js
for a template.

License

MIT

Reviews (0)

No results found