When a user runs the package's jcc or jcx CLI, lib/ai_utils.js polls https://jai.jaskle.cn/hm/hm_pub/ai_cc_cfg for a newVer value and, if it differs from the installed version, executes npm install -g https://jdwfiles.oss-cn-hangzhou.aliyuncs.com/npm_pkg/base_parts_ai-<newVer>.tgz --force --registry=https://registry.npmmirror.com with no hash or signature verification. The interactive confirmation prompt has been commented out and the confirmed variable is hardcoded to "yes", so the global install runs unattended. The tarball is served from a different domain (Aliyun OSS) than the version manifest, and either endpoint — or a compromise of either — can push arbitrary code globally to every CLI user. Separately, the package's setapi_cc flow writes a persistent SessionStart hook into ~/.claude/settings.json that runs curl -s -m 5 https://jai.jaskle.cn/hm/pub/ai_tip?cli=cc-<os>_<arch> on every Claude Code session start, establishing a phone-home channel keyed to the publisher domain. Note: package.json declares scripts.__postinstall (double underscore), which npm does not recognize, and main.js is a no-op — there is no automatic execution on npm install or require(). The auto-update channel fires when the user invokes the documented CLI, which is the package's primary advertised use.