AI Security Review
scanned 3d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. An explicit setup command installs a per-user launchd/systemd service for the Bridge. That service restarts a LAN WebSocket bridge through an unpinned `@latest` npx invocation.
Decision evidence
public snapshot- `dist/cli.js` exposes an explicit `setup` command that installs a user service.
- `dist/setup-systemd.js` and `dist/setup-launchd.js` persist a background service and enable autostart.
- Persisted services execute `npx --yes @ccpocket/bridge@latest`, creating an unpinned future-code update path.
- `dist/index.js` starts a LAN HTTP/WebSocket bridge that can control coding-agent sessions.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook runs for consumers.
- Service persistence is reached only through the user-invoked `ccpocket-bridge setup` command.
- `dist/websocket.js` checks a configured API-key token and applies configured project-directory restrictions.
- Firebase and relay requests support declared push notifications; no source evidence harvests environment secrets or files for exfiltration.
Source & flagged code
5 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
dist/setup-launchd.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/websocket.jsView on unpkg