registry  /  @1presence/bridge  /  0.63.0

@1presence/bridge@0.63.0

Run 1Presence on your Mac and use your Claude.ai Pro subscription from any device

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a user-invoked bridge that authenticates with 1Presence, connects to its gateway, and drives local Claude/Claude Agent SDK workflows.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the 1presence-bridge CLI
Impact
User-authorized local bridge operation; possible self-update execution is disclosed by console but not lifecycle-triggered malware.
Mechanism
localhost auth, WebSocket bridge, Claude SDK/CLI orchestration, runtime npm update check
Rationale
Static inspection found risky primitives, but they are package-aligned for a CLI bridge and local Claude integration, with no unconsented install/import execution or exfiltration. The temp CLAUDE.md guard is an AI-agent control-surface write, but it is runtime-scoped to the bridge temp cwd and explicitly limits outside prompt influence rather than hijacking user agents.
Evidence
package.jsondist/index.jsdist/auth.jsdist/claudeAuth.jsdist/claude.jsdist/update.jsdist/outbox.jsdist/sessionPath.js~/.1presence/auth.json/tmp/1presence-bridge/CLAUDE.md/tmp/1presence-bridge/1presence-session-*.jsonl/tmp/1presence-bridge/1presence-outbox.jsonl
Network endpoints5
securetoken.googleapis.com/v1/tokenregistry.npmjs.org/@1presence/bridge/latestwss://api.1presence.appapp.1presence.appapi.1presence.app/mcp

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/update.js auto-checks npm registry and spawns npx to run a newer @1presence/bridge version at runtime.
  • dist/claude.js writes a CLAUDE.md guard into os.tmpdir()/1presence-bridge on module load, modifying an AI agent control file.
  • dist/claudeAuth.js invokes local claude CLI auth status/login when user runs bridge.
Evidence against
  • package.json lifecycle hooks are only tsc build steps; no install/postinstall hook executes shipped code.
  • dist/auth.js runs an explicit localhost browser sign-in flow with nonce/CORS and uses a public Firebase web API key for token refresh.
  • Network endpoints are aligned with bridge functionality: 1Presence gateway/PWA, Firebase token refresh, npm update check, and remote MCP URL.
  • dist/claude.js sets a dedicated temp working directory and passes settingSources: [] for Claude SDK rather than altering user/project settings.
  • No credential harvesting loop, broad filesystem scan, persistence, destructive action, or import-time exfiltration found in inspected files.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 131 KB of source, external domains: api.1presence.com, registry.npmjs.org, securetoken.googleapis.com

Source & flagged code

4 flagged · loading source
dist/auth.jsView file
186patternName = google_api_key severity = high line = 186 matchedText = const FI...i8';
High
High Secret

Package contains a high-severity secret pattern.

dist/auth.jsView on unpkg · L186
186patternName = google_api_key severity = high line = 186 matchedText = const FI...i8';
High
Secret Pattern

Google API key in dist/auth.js

dist/auth.jsView on unpkg · L186
dist/claudeAuth.jsView file
1import { spawn } from 'node:child_process'; L2: import { createInterface } from 'node:readline';
High
Child Process

Package source references child process execution.

dist/claudeAuth.jsView on unpkg · L1
dist/update.jsView file
18try { L19: const res = await fetch('https://registry.npmjs.org/@1presence/bridge/latest', { L20: signal: AbortSignal.timeout(3000), ... L28: console.log(`Updating to v${latest}…\n`); L29: const child = spawn('npx', ['--yes', `@1presence/bridge@${latest}`], { L30: stdio: 'inherit', L31: env: process.env, L32: });
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/update.jsView on unpkg · L18

Findings

5 High2 Medium5 Low
HighHigh Secretdist/auth.js
HighChild Processdist/claudeAuth.js
HighShell
HighSame File Env Network Executiondist/update.js
HighSecret Patterndist/auth.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings