AI Security Review
scanned 7d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The confirmed lifecycle behavior is a guarded refresh of Overdeck hook executables into its own ~/.overdeck/bin directory. Broader AI tool control-surface writes exist, but appear tied to explicit pan sync/init/workspace commands rather than npm install.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/postinstall.mjs || true
- scripts/postinstall.mjs copies executable hook files from sync-sources/hooks to ~/.overdeck/bin when ~/.overdeck exists
- Copied hooks include agent-facing scripts that call local dashboard APIs and may read Claude credentials for usage display
- dist/sync-BGK4YcE7.js user-invoked sync can write ~/.claude/skills, ~/.claude/commands, ~/.claude/CLAUDE.md, and ~/.claude/mcp.json
- No postinstall path found that writes ~/.claude, ~/.codex, ~/.cursor, or project AGENTS.md
- postinstall is guarded by existing ~/.overdeck and writes only the package-owned ~/.overdeck/bin namespace
- Network calls inspected are local dashboard APIs, GitHub/Anthropic/OpenAI/Linear provider APIs, or user-invoked remote-agent flows
- scripts/sqlite.mjs dynamic require only loads node:sqlite; no remote code loading found
Source & flagged code
19 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/remote-workspace-CjwtcgOj.jsView on unpkg · L9Package source references dynamic require/import behavior.
scripts/sqlite.mjsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/cli/index.jsView on unpkg · L10814Source downloads or fetches remote code and executes it.
dist/cli/index.jsView on unpkg · L86A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L86Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L20334Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/index.jsView on unpkg · L86Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L9621Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L86Source appears to send environment or credential material to an external endpoint.
dist/agents-CAXhuvvP.jsView on unpkg · L44Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/server.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1