AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a user-invoked CLI bridge that connects local Claude Code to 1Presence services, with package-aligned network and local setup behavior.
Decision evidence
public snapshot- dist/update.js runtime check fetches npm latest and spawns npx for @1presence/bridge@latest.
- dist/index.js writes per-user temp system prompt and MCP config containing a bearer token.
- dist/claude.js creates a local MCP read_session_file tool, confined by dist/sessionPath.js.
- package.json has no preinstall/install/postinstall; prepare is only tsc.
- Network use is package-aligned bridge traffic to api.1presence.com, Firebase token refresh, and npm self-update check.
- dist/claude.js disables built-in tools, uses strictMcpConfig, allowlists 1Presence/local MCP tools, and strips ANTHROPIC_API_KEY.
- dist/auth.js browser auth uses localhost nonce and origin-scoped CORS; Firebase API key is commented as public web key.
- dist/outbox.js spools only bridge turn records under ~/.1presence/outbox with mode 0600 for retry.
Source & flagged code
5 flagged · loading sourceA single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/update.jsView on unpkg · L18This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/index.jsView on unpkg