AI Security Review
scanned 1h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time behavior persists Overdeck-owned hook executables into an existing `~/.overdeck/bin` directory. Runtime agent features may configure a workspace-local Overdeck MCP bridge and call a configured Overdeck dashboard API. No concrete credential exfiltration, remote payload download, or foreign AI-agent control-surface mutation was confirmed.
Decision evidence
public snapshot- `package.json` runs `scripts/postinstall.mjs` on npm install.
- `scripts/postinstall.mjs` conditionally creates `~/.overdeck/bin` and copies executable hook files there when `~/.overdeck` exists.
- `dist/agents-C_0ubGr4.js` can write a workspace-local `.pan/agent-mcp.json` bridge configuration for eligible agent launches.
- Postinstall targets the package-owned `~/.overdeck` directory and does nothing unless it already exists.
- Postinstall copies packaged hook files only; it has no network, credential-harvesting, remote-download, or shell-execution path.
- MCP bridge configuration is guarded by an experimental opt-in and agent/harness eligibility checks.
- Observed network calls in `work-agent-stop-hook` use configured `PAN_DASHBOARD_URL` for Overdeck dashboard API status/heartbeat operations, not a hard-coded external exfiltration host.
Source & flagged code
18 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/pull-requests-DAn4mocc.jsView on unpkg · L4Source appears to send environment or credential material to an external endpoint.
dist/agents-C_0ubGr4.jsView on unpkg · L43Package source references dynamic require/import behavior.
scripts/sqlite.mjsView on unpkg · L2A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L95Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L21780Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L9871Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L95A single source file combines environment access, network access, and code or shell execution; review context before blocking.
scripts/create-github-app.mjsView on unpkg · L12Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
sync-sources/skills/okf/templates/repo/.okf/scripts/okf_common.pyView on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/server.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1