AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code refreshes first-party Overdeck hook executables in an existing `~/.overdeck/bin` directory. Those hooks can later auto-approve tool calls for Overdeck-managed headless agents and emit local dashboard telemetry. No confirmed hostile payload, external exfiltration, or foreign agent-control mutation was established.
Decision evidence
public snapshot- `package.json` has a `postinstall` hook.
- `scripts/postinstall.mjs` copies bundled executables to `~/.overdeck/bin`.
- `sync-sources/hooks/auto-approve-hook` allows tools for named autonomous Overdeck agents.
- `sync-sources/hooks/pan-hook-lib.sh` sends agent events to the configured local dashboard.
- Postinstall runs only when `~/.overdeck` already exists.
- Postinstall does not edit `~/.claude`, `~/.codex`, or other foreign agent settings.
- Copied hooks are bundled source files, not downloaded payloads.
- Hook event endpoint defaults to `http://localhost:3011`; no external exfiltration endpoint was found.
- The approval hook is gated on `OVERDECK_AGENT_ID` prefixes and leaves unmanaged sessions unchanged.
Source & flagged code
20 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/systemd-BMfbSWe_.jsView on unpkg · L4A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/cli/index.jsView on unpkg · L11345Source appears to send environment or credential material to an external endpoint.
dist/cli/index.jsView on unpkg · L86Source downloads or fetches remote code and executes it.
dist/cli/index.jsView on unpkg · L86A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L86This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/index.jsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L22833Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/index.jsView on unpkg · L86Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L10116Package source references dynamic require/import behavior.
dist/cli/index.jsView on unpkg · L1501Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L86Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/server.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1