cc-design

Warn

Audited by Socket on May 10, 2026

2 alerts found:

Anomaly x2

Anomaly: LOW
hooks/hooks.json

This module is not inherently malicious by itself, but it enables high-impact execution of three local bash scripts determined by ${CLAUDE_PLUGIN_ROOT} at multiple lifecycle events. The supply-chain risk is therefore dominated by the integrity and trustworthiness of the referenced session-start, pre-compact-preserve, and stop-cleanup scripts, and by whether ${CLAUDE_PLUGIN_ROOT} and the hooks directory can be tampered with. Review the contents of those scripts and ensure that path integrity, permissions, and supply-chain integrity controls are in place.

Confidence: 62%, Severity: 62%

Anomaly: LOW
scripts/export_deck_pptx.mjs

No direct evidence of intentional malware (e.g., credential theft, persistence, or explicit data exfiltration) is present in this wrapper. However, it processes attacker-controlled local HTML in an automated headless Chromium environment without explicit network/script restrictions, creating a meaningful risk surface for outbound requests or rendering-driven effects. Editable mode further increases uncertainty because it relies on a locally required html2pptx.js helper; its safety is not verifiable from this snippet. Overall: treat as a potentially risky document-conversion tool when the input HTML or the packaged helper can be influenced by an attacker.

Confidence: 60%, Severity: 52%

Audit Metadata

Analyzed At: May 10, 2026, 12:26 AM
Package URL: pkg:socket/skills-sh/liangmiQwQ%2Fskills%2Fcc-design%2F@4d6d094b50fd6ba763531feb46a430d655952610