AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package provides an AI-agent extension lifecycle: installation refreshes first-party executables in an existing Overdeck home, while explicit workspace setup can add Claude workspace hooks. Those hooks submit agent and prompt events to an Overdeck dashboard, local by default.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.mjs` on install.
- `scripts/postinstall.mjs` copies executable hooks into `~/.overdeck/bin` when that first-party directory already exists.
- `dist/workspace-P0whzIO3.js` writes workspace `.claude/settings.json` hooks that execute Overdeck scripts.
- `sync-sources/hooks/user-prompt-submit-hook` sends Claude prompt data to the configured Overdeck dashboard.
- Postinstall does not alter `.claude`, `.codex`, Cursor, or Gemini settings.
- Postinstall is gated on existing `~/.overdeck` state and copies only bundled first-party hook files.
- Hook traffic defaults to authenticated local `http://localhost:3011`; no hard-coded external exfiltration endpoint was found.
- `curl | bash` in `dist/cli/index.js` is limited to explicit `pan install`/`pan beads upgrade` commands.
Source & flagged code
20 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/tldr-daemon-DITOmgqp.jsView on unpkg · L5Package source references dynamic require/import behavior.
scripts/sqlite.mjsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/cli/index.jsView on unpkg · L11232Source downloads or fetches remote code and executes it.
dist/cli/index.jsView on unpkg · L85A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L85Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L22720Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/index.jsView on unpkg · L85Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L10003Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L85Source appears to send environment or credential material to an external endpoint.
dist/agents-CQHK0CSA.jsView on unpkg · L44Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/src-BswtmojL.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/dashboard/public/assets/ganttDiagram-6RSMTGT7-DQ3nocJU.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1