registry  /  @1presence/bridge  /  0.68.0

@1presence/bridge@0.68.0

Run 1Presence on your Mac and use your Claude.ai Pro subscription from any device

AI Security Review

scanned 2h ago · by lpm-firewall-ai

User-run bridge connects to 1Presence and invokes the local Claude runtime for relayed conversations. The observed network, subprocess, and temporary-file use implement the documented bridge behavior; no confirmed malicious attack chain is established.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `1presence-bridge` or `npx @1presence/bridge`.
Impact
Can process user-authorized 1Presence conversations and connector tools through the local Claude subscription.
Mechanism
Authenticated 1Presence relay to a constrained Claude/MCP runtime.
Rationale
Static inspection shows a documented, user-invoked remote-agent bridge with expected network and Claude subprocess behavior. Its lifecycle hook only compiles TypeScript, and source-level guards constrain local access and tool execution; no concrete malicious behavior was found.
Evidence
package.jsondist/index.jsdist/auth.jsdist/claude.jsdist/claudeAuth.jsdist/update.jsdist/sessionPath.jsdist/outbox.jsdist/accumulator.jsREADME.md
Network endpoints3
api.1presence.comregistry.npmjs.org/@1presence/bridge/latestsecuretoken.googleapis.com/v1/token

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Runtime CLI opens an authenticated WebSocket to the 1Presence gateway and relays messages to Claude.
  • `dist/update.js` can invoke `npx` only after its runtime update check finds a newer package.
  • `dist/index.js` downloads gateway-requested document content for an explicit vision-reconstruction feature.
Evidence against
  • `package.json` has only `prepare: tsc`; no preinstall/install/postinstall hook.
  • Entry point is a user-invoked CLI/bin, not import-time background execution.
  • Auth tokens are kept in memory; `dist/auth.js` removes the legacy persisted auth file.
  • MCP configuration and system prompt are written as mode `0600` temporary files.
  • Claude runtime disables built-in tools and permits only 1Presence MCP plus a session-confined read-only local tool.
  • No credential harvesting, arbitrary local-file reads, destructive behavior, or covert exfiltration was found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 135 KB of source, external domains: api.1presence.com, registry.npmjs.org, securetoken.googleapis.com

Source & flagged code

4 flagged · loading source
dist/auth.jsView file
186patternName = google_api_key severity = high line = 186 matchedText = const FI...i8';
High
High Secret

Package contains a high-severity secret pattern.

dist/auth.jsView on unpkg · L186
186patternName = google_api_key severity = high line = 186 matchedText = const FI...i8';
High
Secret Pattern

Google API key in dist/auth.js

dist/auth.jsView on unpkg · L186
dist/claudeAuth.jsView file
1import { spawn } from 'node:child_process'; L2: import { createInterface } from 'node:readline';
High
Child Process

Package source references child process execution.

dist/claudeAuth.jsView on unpkg · L1
dist/update.jsView file
18try { L19: const res = await fetch('https://registry.npmjs.org/@1presence/bridge/latest', { L20: signal: AbortSignal.timeout(3000), ... L28: console.log(`Updating to v${latest}…\n`); L29: const child = spawn('npx', ['--yes', `@1presence/bridge@${latest}`], { L30: stdio: 'inherit', L31: env: process.env, L32: });
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/update.jsView on unpkg · L18

Findings

5 High2 Medium5 Low
HighHigh Secretdist/auth.js
HighChild Processdist/claudeAuth.js
HighShell
HighSame File Env Network Executiondist/update.js
HighSecret Patterndist/auth.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings