AI Security Review
scanned 44s ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. A user-run bridge server exposes local coding-agent, file, and Git capabilities over HTTP/WebSocket. Its default bind address is all interfaces and authentication is optional. Explicit setup can persist a user service that launches the package’s latest npm version.
Decision evidence
public snapshot- `dist/index.js` starts a network bridge on `0.0.0.0` by default.
- `dist/websocket.js` accepts clients without authentication unless `BRIDGE_API_KEY` is configured.
- `dist/websocket.js` exposes agent sessions, file reads, Git actions, and permission/sandbox mode selection to WebSocket clients.
- `dist/setup-launchd.js` and `dist/setup-systemd.js` create persistent user services only through explicit `ccpocket-bridge setup`.
- `dist/setup-launchd.js` service command uses `npx --yes @ccpocket/bridge@latest`.
- `dist/push-relay.js` sends registered-device push metadata to the configured Firebase relay.
- `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
- `dist/cli.js` gates service creation behind the explicit `setup` command.
- No `eval`, VM, native loading, or hidden dynamic payload execution found.
- Firebase calls implement documented anonymous-auth and push-relay behavior; no credential harvesting was found.
- Persistent files are package-owned paths under `~/.ccpocket` or explicit OS service locations.
- WebSocket API-key rejection is implemented when `BRIDGE_API_KEY` is supplied.
Source & flagged code
5 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
dist/setup-launchd.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/websocket.jsView on unpkg