AI Security Review
scanned 3h ago · by lpm-firewall-aiA guarded postinstall refreshes executables in the already-existing package-owned `~/.overdeck/bin` directory. At configured runtime, hooks send agent events to the local Overdeck dashboard; the statusline requests Claude usage from Anthropic using the local OAuth token. No concrete malicious attack surface was established.
Decision evidence
public snapshot- `package.json` invokes `postinstall`.
- `scripts/postinstall.mjs` copies bundled hook executables into existing `~/.overdeck/bin`.
- `sync-sources/hooks/statusline.sh` reads Claude OAuth credentials and calls Anthropic's usage API.
- `dist/cli/index.js` includes explicit CLI paths that download tools or run shell commands.
- Postinstall runs its copy loop only if `~/.overdeck` already exists.
- Install writes are limited to package-owned `~/.overdeck/bin`; no install-time foreign AI-agent settings write was found.
- Reviewed hook traffic targets the local dashboard or `api.anthropic.com`, not an unaligned collector.
- No inspected source showed remote payload execution, arbitrary credential exfiltration, or destructive behavior.
Source & flagged code
20 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22AWS access key ID in dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.js
dist/dashboard/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22Package source references child process execution.
dist/tldr-daemon-DITOmgqp.jsView on unpkg · L5Package source references dynamic require/import behavior.
scripts/sqlite.mjsView on unpkg · L2A single source file combines environment access, network access, and code or shell execution with blocking evidence.
dist/cli/index.jsView on unpkg · L11232Source downloads or fetches remote code and executes it.
dist/cli/index.jsView on unpkg · L85A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/cli/index.jsView on unpkg · L85This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli/index.jsView on unpkgSource combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli/index.jsView on unpkg · L22720Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli/index.jsView on unpkg · L85Package source invokes a package manager install command at runtime.
dist/cli/index.jsView on unpkg · L10003Source writes installer persistence such as shell profile or service configuration.
dist/cli/index.jsView on unpkg · L85Source appears to send environment or credential material to an external endpoint.
dist/agents-CQHK0CSA.jsView on unpkg · L44Package ships non-JavaScript build or shell helper files.
dist/caveman-compress/__init__.pyView on unpkgPackage ships high-entropy non-source blobs.
dist/dashboard/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkgPackage contains source files above the static scanner size ceiling.
dist/dashboard/src-BswtmojL.jsView on unpkgGoogle API key in dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
dist/dashboard/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1