AI Security Review
scanned 2d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Installation refreshes packaged executable hooks in an existing Overdeck-owned directory. Those hooks can grant scoped permissions to Overdeck headless agents and report activity to a local dashboard; no confirmed malicious chain was found.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/postinstall.mjs` copies executable hooks into `~/.overdeck/bin` when that first-party directory exists.
- `sync-sources/hooks/auto-approve-hook` grants scoped Claude Code tool approval for named headless Overdeck agent IDs.
- `sync-sources/hooks/pan-hook-lib.sh` reads an Overdeck internal token and posts hook activity to the dashboard.
- `scripts/postinstall.mjs` does not fetch code, invoke a shell, read environment secrets, or modify foreign agent settings.
- Postinstall writes only under existing `~/.overdeck`, not broad `~/.claude`, `~/.codex`, or project paths.
- Hook network traffic defaults to a local Overdeck dashboard and sends agent activity payloads, not harvested credentials.
- No inspected source confirms the scanner claims of credential exfiltration or download-and-execute behavior.
Source & flagged code
19 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/beads-BxZgcj1v.jsView on unpkg · L7A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/cli/index.jsView on unpkg · L11176Source appears to send environment or credential material to an external endpoint.
dist/cli/index.jsView on unpkg · L84Source downloads or fetches remote code and executes it.
dist/cli/index.jsView on unpkg · L84A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L84Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L22612Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L9966Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L1496Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L84Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/tts-daemon-CC-Dg02A.jsView on unpkg · L6Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/src-CNLON0co.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1