AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No concrete malicious attack surface is established. The package has a real agent-extension lifecycle surface because explicit setup commands install TermDeck-owned Claude hooks and MCP config, but not at npm install time.
Decision evidence
public snapshot- packages/cli/src/init-mnestra.js installs/refreshes TermDeck Claude hooks under ~/.claude/hooks and wires ~/.claude/settings.json on explicit init.
- packages/cli/src/init-rumen.js can update ~/.claude.json Supabase MCP env token only when user supplies SUPABASE_ACCESS_TOKEN and placeholder exists.
- packages/cli/src/index.js launches a local PTY web server and uses child_process for port reclaim, browser open, and server startup.
- packages/server/src/index.js exposes terminal/session APIs and spawns PTYs, but has a non-loopback auth guard.
- package.json has no preinstall/install/postinstall lifecycle hooks; activation is via bin or npm scripts/user commands.
- No import-time exfiltration or payload fetch found in inspected entrypoints.
- Secrets are read for local config, Supabase/OpenAI/Anthropic integrations, and child PTY env; management tokens are explicitly excluded from PTY merge.
- Network endpoints are package-aligned: localhost TermDeck/Mnestra, Supabase, OpenAI, Anthropic, npm version lookup, CDN browser assets.
- Claude hook overwrites are version/marker-gated with backups and custom-hook preservation.
- Server defaults to 127.0.0.1 and refuses non-loopback bind without auth token.
Source & flagged code
9 flagged · loading sourcePackage source references dynamic require/import behavior.
doctrine/index.jsView on unpkg · L13Source writes installer persistence such as shell profile or service configuration.
packages/cli/src/init-bridge.jsView on unpkg · L27A single source file combines environment access, network access, and code or shell execution; review context before blocking.
packages/cli/src/stack.jsView on unpkg · L13Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
packages/cli/src/init-rumen.jsView on unpkg · L136This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
packages/cli/src/index.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
packages/cli/src/index.jsView on unpkg · L17Source launches a detached bundled service that exposes a broad-bound HTTP listener.
packages/server/src/index.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
packages/cli/assets/supervise/termdeck-supervise.shView on unpkg