AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a terminal multiplexer/orchestration tool, so shell spawning, local listeners, config writes, and cloud API calls are expected and user-invoked.
Decision evidence
public snapshot- packages/cli/src/index.js uses child_process to launch/reclaim TermDeck processes at runtime.
- packages/server/src/index.js exposes an Express/WebSocket PTY terminal server and spawns shells on user session requests.
- packages/cli/src/init-rumen.js deploys Supabase functions and sets secrets, but only via explicit init --rumen flow.
- packages/cli/src/mcp-config.js can write ~/.claude.json MCP config, but only through installer/helper calls, not lifecycle hooks.
- package.json has no preinstall/install/postinstall lifecycle scripts.
- Default CLI/server path is user-invoked via bin termdeck or npm start, not import-time execution.
- packages/cli/src/index.js has non-loopback bind guard requiring auth token.
- packages/server/src/index.js excludes management tokens such as SUPABASE_ACCESS_TOKEN, GITHUB_TOKEN, NPM_TOKEN from PTY env propagation.
- Network endpoints are package-aligned: local server, npm registry update check, Supabase/OpenAI/Anthropic setup and memory features.
- No evidence of credential harvesting/exfiltration, persistence outside documented config/setup, destructive payload, or dependency confusion.
Source & flagged code
8 flagged · loading sourcePackage source references dynamic require/import behavior.
doctrine/index.jsView on unpkg · L13Source writes installer persistence such as shell profile or service configuration.
packages/cli/src/init-bridge.jsView on unpkg · L27A single source file combines environment access, network access, and code or shell execution; review context before blocking.
packages/cli/src/stack.jsView on unpkg · L13Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
packages/cli/src/init-rumen.jsView on unpkg · L136Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
packages/cli/src/index.jsView on unpkg · L17Source launches a detached bundled service that exposes a broad-bound HTTP listener.
packages/server/src/index.jsView on unpkg · L1Package ships non-JavaScript build or shell helper files.
packages/cli/assets/supervise/termdeck-supervise.shView on unpkg