claude-to-im
Audited by Socket on May 1, 2026
1 alert found:
Anomaly: No explicit malicious payload (no eval/Function, no network exfiltration, no persistence/backdoor code) is evident in the provided fragment. However, the module’s supply-chain-like risk comes from local binary execution: it can execute a CLI path selected from PATH/well-known locations and, critically, it can accept an attacker-influenced executable path via CTI_CLAUDE_CODE_EXECUTABLE without allowlisting or trust verification. Additionally, it streams untrusted CLI/assistant/tool output and may surface stderr-derived text to the caller, creating potential data exposure and downstream rendering risks. Review query()/buildSubprocessEnv() for env/path/arg sanitization and validate the permission system and SSE consumer handling.