registry  /  @1presence/bridge  /  0.62.0

@1presence/bridge@0.62.0

Run 1Presence on your Mac and use your Claude.ai Pro subscription from any device

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface; sensitive operations are runtime bridge behavior for an authenticated 1Presence/Claude local-mode CLI. The riskiest behavior is user-invoked remote prompt/MCP execution and self-update via npx, not install-time compromise.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs npx @1presence/bridge or the 1presence-bridge bin.
Impact
Routes user chat/tool activity through 1Presence gateway and local Claude Code; no unconsented install/import execution identified.
Mechanism
Authenticated local AI bridge with WebSocket gateway, Claude SDK calls, MCP tools, and npm self-update check.
Rationale
Static inspection shows a user-invoked bridge whose network, token handling, Claude subprocess/SDK usage, and file writes match the package purpose and are bounded by runtime authentication and tool restrictions. The scanner hits are real dual-use primitives but not evidence of malicious install-time execution or covert exfiltration.
Evidence
package.jsonREADME.mddist/index.jsdist/auth.jsdist/claude.jsdist/update.jsdist/outbox.jsdist/sessionPath.js/tmp/agent-${uid}.md/tmp/mcp-${uid}.json/tmp/1presence-bridge/CLAUDE.md~/.1presence/outbox/${conversationId}.json~/.1presence/auth.json
Network endpoints7
api.1presence.comwss://api.1presence.com/bridgeapi.1presence.com/system-prompt-for-bridgeapi.1presence.com/mcpapi.1presence.com/bridge/save-turnsecuretoken.googleapis.com/v1/tokenregistry.npmjs.org/@1presence/bridge/latest

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • Runtime CLI fetches remote system prompts and MCP config from 1Presence gateway in dist/index.js.
  • dist/update.js auto-checks npm registry and spawns npx for newer @1presence/bridge during CLI startup.
  • dist/claude.js writes a temp CLAUDE.md guard and auto-allows 1Presence/local MCP tools for SDK-driven Claude turns.
Evidence against
  • package.json prepare/prepack only run tsc; no install/postinstall hook executes package code.
  • Network/auth behavior is disclosed and package-aligned in README.md as a local 1Presence bridge.
  • dist/auth.js keeps auth in memory, deletes legacy ~/.1presence/auth.json, and uses nonce/CORS checks for localhost auth callback.
  • dist/claude.js strips ANTHROPIC_API_KEY, disables built-in tools, uses strictMcpConfig, and confines local read_session_file to current Claude session path.
  • No credential harvesting, persistence, destructive actions, dependency confusion, or reviewer/prompt-control file writes found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 10 file(s), 131 KB of source, external domains: api.1presence.com, registry.npmjs.org, securetoken.googleapis.com

Source & flagged code

4 flagged · loading source
dist/auth.jsView file
186patternName = google_api_key severity = high line = 186 matchedText = const FI...i8';
High
High Secret

Package contains a high-severity secret pattern.

dist/auth.jsView on unpkg · L186
186patternName = google_api_key severity = high line = 186 matchedText = const FI...i8';
High
Secret Pattern

Google API key in dist/auth.js

dist/auth.jsView on unpkg · L186
dist/claudeAuth.jsView file
1import { spawn } from 'node:child_process'; L2: import { createInterface } from 'node:readline';
High
Child Process

Package source references child process execution.

dist/claudeAuth.jsView on unpkg · L1
dist/update.jsView file
18try { L19: const res = await fetch('https://registry.npmjs.org/@1presence/bridge/latest', { L20: signal: AbortSignal.timeout(3000), ... L28: console.log(`Updating to v${latest}…\n`); L29: const child = spawn('npx', ['--yes', `@1presence/bridge@${latest}`], { L30: stdio: 'inherit', L31: env: process.env, L32: });
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/update.jsView on unpkg · L18

Findings

5 High2 Medium6 Low
HighHigh Secretdist/auth.js
HighChild Processdist/claudeAuth.js
HighShell
HighSame File Env Network Executiondist/update.js
HighSecret Patterndist/auth.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License