AI Security Review
scanned 6d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package installs and configures first-party AI-agent hooks for Overdeck. This creates lifecycle risk because hooks can affect Claude Code sessions, including scoped auto-approval for Overdeck agent IDs, but source inspection did not confirm malicious install-time hijack or exfiltration.
Decision evidence
public snapshot- package.json has postinstall: node scripts/postinstall.mjs || true.
- scripts/postinstall.mjs copies sync-sources/hooks scripts into ~/.overdeck/bin when ~/.overdeck exists.
- dist/cli/index.js pan admin hooks install writes Overdeck hooks into ~/.claude/settings.json.
- sync-sources/hooks/auto-approve-hook grants Claude PreToolUse allow for Overdeck headless agent ID prefixes.
- dist/remote-agents-CK1m8SWf.js can copy Claude/GitHub/GitLab credentials to user-configured Fly VMs.
- No install-time write to ~/.claude/settings.json found; hook settings mutation is explicit/admin or runtime setup.
- Hook network traffic posts to localhost dashboard endpoints with internal token.
- Remote credential sync is tied to remote-agent Fly provisioning commands, not import/postinstall execution.
- Scanner secret asset is bundled font/WASM code, not a credential.
- No evidence of broad env harvesting to attacker-controlled endpoints.
Source & flagged code
20 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/reconstruct-cache-3Fwmri1k.jsView on unpkg · L9Package source references shell execution.
dist/reconstruct-cache-3Fwmri1k.jsView on unpkg · L40Package source references dynamic require/import behavior.
scripts/sqlite.mjsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/cli/index.jsView on unpkg · L10814Source downloads or fetches remote code and executes it.
dist/cli/index.jsView on unpkg · L86A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L86Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L20334Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/index.jsView on unpkg · L86Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L9621Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L86Source appears to send environment or credential material to an external endpoint.
dist/agents-T37NjjRl.jsView on unpkg · L44Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/server.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/dashboard/remote-agents-DHPxoyuA.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1