registry  /  @overdeck/desktop  /  0.45.13

@overdeck/desktop@0.45.13

Overdeck Command Deck — AI agent monitoring desktop app

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. On normal desktop startup, the bundled server automatically provisions global Claude Code hooks. It writes `~/.claude/settings.json` and installs package hook scripts under `~/.overdeck/bin`; one hook grants permissions to named Overdeck-managed agents. Hook telemetry targets the local dashboard rather than an external endpoint.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
Launching the Electron desktop application
Impact
Persists package-controlled hooks in a broad AI-agent control surface and can relax tool approvals for Overdeck-managed sessions.
Mechanism
Automatic global Claude Code hook registration with scoped permission auto-approval
Rationale
Warn rather than block: the concrete behavior is automatic runtime setup of a first-party global Claude Code extension with scoped approval bypass, not a malicious install-time or exfiltration chain.
Evidence
package.jsondist-electron/main.jsserver/server.jsserver/claude-hooks-provision-D-jGXmu1.jssync-sources/hooks/auto-approve-hooksync-sources/hooks/pan-hook-lib.sh~/.claude/settings.json~/.overdeck/bin
Network endpoints1
127.0.0.1:${port}

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `server/server.js` auto-runs `provisionClaudeHooks()` in desktop mode.
  • `server/claude-hooks-provision-D-jGXmu1.js` copies scripts to `~/.overdeck/bin` and edits `~/.claude/settings.json`.
  • `sync-sources/hooks/auto-approve-hook` returns `permissionDecision: "allow"` for `OVERDECK_AGENT_ID`-scoped agents.
  • Hooks POST activity events only to the local dashboard transport.
Evidence against
  • `package.json` postinstall only runs `electron-rebuild` for `node-pty`; it does not invoke agent setup.
  • `dist-electron/main.js` starts the bundled server and health-checks `127.0.0.1`.
  • No source evidence of credential exfiltration, remote payload download, or hidden install-time execution.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 816 file(s), 25.2 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.cloudflare.com, api.github.com, api.hume.ai, api.kimi.com, api.linear.app, api.machines.dev, api.minimax.io, api.moonshot.ai, api.openai.com, api.vercel.com, api.voyageai.com, api.x.ai, api.z.ai, app.excalidraw.com, bun.sh, chevrotain.io, claude.ai, dashscope-intl.aliyuncs.com, developer.mozilla.org, discord.gg, docker.com, docs.anthropic.com, docs.docker.com, docs.excalidraw.com, docs.expo.dev, docs.github.com, embed.reddit.com, en.wikipedia.org, encoding.spec.whatwg.org, esm.sh, example.com, excalidraw-room-persistence.firebaseio.com, fetch.spec.whatwg.org, giphy.com, gist.github.com, github.com, inference-api.nousresearch.com, infra.spec.whatwg.org, jimmy.warting.se, json.excalidraw.com, jsonplaceholder.typicode.com, langium.org, libraries.excalidraw.com, mermaid.js.org, mimesniff.spec.whatwg.org, nodejs.org, ollama.com, openrouter.ai
Oversized source lightweight scan
server/public/assets/index-BDqWyuZQ.js3.62 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsMinifiedUrlStringsProtestwaregithub.comwww.w3.org
server/server.js2.16 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellHighEntropyStringsUrlStringsapi.github.comapi.openai.comgithub.comopenrouter.ai
server/src-D-VXCC9C.js5.71 MB file, sampled 256 KB
NetworkChildProcessEnvironmentVarsCryptoHighEntropyStringsUrlStringsgithub.com

Source & flagged code

14 flagged · loading source
package.jsonView file
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
server/public/assets/chunk-EIO257PC-DnXo63uH.jsView file
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Secret Pattern

AWS access key ID in server/public/assets/chunk-EIO257PC-DnXo63uH.js

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
dist-electron/preload.jsView file
1let electron = require("electron"); L2: //#region src/preload.ts
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist-electron/preload.jsView on unpkg · L1
server/agents-DqQa4Dq_.jsView file
48import { platform as platform$2 } from "process"; L49: import { exec, execFile } from "node:child_process"; L50: import { promisify } from "node:util"; ... L56: import { layer } from "@effect/platform-node/NodeServices"; L57: import { request } from "node:http"; L58: //#region ../../lib/cost-parsers/ohmypi-parser.ts ... L154: try { L155: parsed = JSON.parse(line); L156: } catch { ... L397: init_internal_token(); L398: DASHBOARD_URL = process.env["OVERDECK_DASHBOARD_URL"] || "http://127.0.0.1:3011"; L399: DEFAULT_TIMEOUT_MS = 1500;
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

server/agents-DqQa4Dq_.jsView on unpkg · L48
matchType = previous_version_dangerous_delta matchedPackage = @overdeck/desktop@0.45.12 matchedIdentity = npm:QG92ZXJkZWNrL2Rlc2t0b3A:0.45.12 similarity = 0.650 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

server/agents-DqQa4Dq_.jsView on unpkg
bin/overdeck.mjsView file
58package = @overdeck/desktop; repositoryIdentity = overdeck; dependency = electron L58: // The `electron` package exports its binary path as its module value. L59: return require("electron"); L60: } catch {
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

bin/overdeck.mjsView on unpkg · L58
server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/third_party/conpty/1.22.250204002/win10-arm64/conpty.dllView file
path = server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/third_party/conpty/1.22.250204002/win10-arm64/conpty.dll kind = native_binary sizeBytes = 102944 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/third_party/conpty/1.22.250204002/win10-arm64/conpty.dllView on unpkg
server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/binding.gypView file
path = server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/binding.gyp kind = build_helper sizeBytes = 3061 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/binding.gypView on unpkg
resources/icon.icoView file
path = resources/icon.ico kind = high_entropy_blob sizeBytes = 29519 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

resources/icon.icoView on unpkg
server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/deps/winpty/src/tests/subdir.mkView file
path = server/supervisor/vendor/@homebridge/node-pty-prebuilt-[redacted].mk kind = payload_in_excluded_dir sizeBytes = 1304 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

server/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/deps/winpty/src/tests/subdir.mkView on unpkg
server/server.jsView file
path = server/server.js kind = oversized_source_file sizeBytes = 2266373 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

server/server.jsView on unpkg
server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = var e={V...AZZX
High
Secret Pattern

Google API key in server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js

server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1

Findings

4 Critical6 High8 Medium8 Low
CriticalCritical Secretserver/public/assets/chunk-EIO257PC-DnXo63uH.js
CriticalCredential Exfiltrationserver/agents-DqQa4Dq_.js
CriticalPrevious Version Dangerous Deltaserver/agents-DqQa4Dq_.js
CriticalSecret Patternserver/public/assets/chunk-EIO257PC-DnXo63uH.js
HighInstall Time Lifecycle Scriptspackage.json
HighCopied Package Dependency Bridgebin/overdeck.mjs
HighShips High Entropy Blobresources/icon.ico
HighPayload In Excluded Dirserver/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/deps/winpty/src/tests/subdir.mk
HighOversized Source Fileserver/server.js
HighSecret Patternserver/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist-electron/preload.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binaryserver/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/third_party/conpty/1.22.250204002/win10-arm64/conpty.dll
MediumShips Build Helperserver/supervisor/vendor/@homebridge/node-pty-prebuilt-multiarch/binding.gyp
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License