registry  /  @overdeck/desktop  /  0.42.0

@overdeck/desktop@0.42.0

Overdeck Command Deck — AI agent monitoring desktop app

AI Security Review

scanned 7d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface was found. The package is a desktop AI-agent orchestration app with broad runtime capability to start local agent sessions and integrate with Claude/Codex inside package-owned state.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User launches overdeck-desktop/Electron app; some services depend on user settings or dashboard actions.
Impact
Dangerous if misconfigured or intentionally used for autonomous agent actions, but source inspection did not show unconsented lifecycle hijack or exfiltration malware.
Mechanism
Runtime AI-agent orchestration, local child processes, localhost dashboard, and optional package-owned agent configuration.
Policy narrative
The main risk is not package-install malware: launching the desktop app starts an embedded server that can run tmux-backed Claude/Codex sessions, manage transcripts, and optionally write package-owned MCP/Codex state. These capabilities are aligned with an AI-agent monitoring/orchestration product and are not delivered through the npm lifecycle into foreign control surfaces.
Rationale
Static inspection supports a warning for substantial agent-facing runtime capability, but not a publish block: the install hook is limited to electron-rebuild and the agent/control-surface writes observed are runtime, app-aligned, and mostly under ~/.overdeck. No credential harvesting, destructive lifecycle action, or unconsented broad AI-agent control hijack was confirmed.
Evidence
package.jsonbin/overdeck.mjsdist-electron/main.jsdist-electron/preload.jsserver/server.jsuserData/desktop-settings.json~/.overdeck~/.overdeck/agents/*/codex-home~/.overdeck/conversations/*/agent-mcp.json~/.claude/projects~/.claude/skills
Network endpoints9
github.com/eltmon/overdeckgithub.com/eltmon/overdeck/issuesgithub.com/eltmon/overdeck/blob/main/docs/FLYWHEEL.mdopenrouter.ai/api/v1/modelsopenrouter.ai/api/v1/auth/keyapi.github.comapi.openai.com/v1/chat/completions127.0.0.1:7825ws://127.0.0.1:7825

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • dist-electron/main.js spawns bundled server/server.js at runtime and polls localhost APIs.
  • server/server.js is an AI-agent dashboard with tmux, Claude/Codex spawning, transcript parsing, and optional auto-merge/deacon services.
  • server/server.js can initialize package-owned Codex homes under ~/.overdeck/agents/... and write agent MCP config under ~/.overdeck/conversations/... when enabled.
  • Runtime network calls include GitHub updater, OpenRouter model/auth APIs, GitHub API, and OpenAI chat completions.
Evidence against
  • package.json postinstall only runs electron-rebuild for node-pty and exits 0; no package code or agent-surface write runs on npm install.
  • bin/overdeck.mjs only checks Node/server bundle and launches Electron with inherited stdio/env.
  • No install-time writes to .mcp.json, CLAUDE.md, .claude commands/settings, Codex/Cursor settings, shell startup files, or VCS hooks found.
  • Desktop auto-start uses Electron setLoginItemSettings only after user dialog/settings update, not during npm lifecycle.
  • External update feed is configured to the package repository eltmon/overdeck with autoDownload=false.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 479 file(s), 17.7 MB of source, external domains: 127.0.0.1, api.github.com, api.openai.com, app.excalidraw.com, chevrotain.io, discord.gg, docs.excalidraw.com, embed.reddit.com, en.wikipedia.org, esm.sh, example.com, excalidraw-room-persistence.firebaseio.com, giphy.com, gist.github.com, github.com, json.excalidraw.com, langium.org, libraries.excalidraw.com, mermaid.js.org, nodejs.org, openrouter.ai, oss-ai.excalidraw.com, oss-collab.excalidraw.com, platform.twitter.com, player.vimeo.com, plus.excalidraw.com, reactjs.org, reddit.com, rolldown.rs, twitter.com, us-central1-excalidraw-room-persistence.cloudfunctions.net, www.figma.com, www.ibm.com, www.w3.org, www.youtube.com, x.com, youtube.com
Oversized source lightweight scan
server/public/assets/index-C2PMO6nB.js3.55 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsMinifiedUrlStringsProtestwarewww.w3.org
server/server.js2.10 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellHighEntropyStringsUrlStringsapi.github.comapi.openai.comgithub.comopenrouter.ai

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
server/public/assets/chunk-EIO257PC-DnXo63uH.jsView file
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Secret Pattern

AWS access key ID in server/public/assets/chunk-EIO257PC-DnXo63uH.js

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
dist-electron/preload.jsView file
1let electron = require("electron"); L2: //#region src/preload.ts
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist-electron/preload.jsView on unpkg · L1
bin/overdeck.mjsView file
58package = @overdeck/desktop; repositoryIdentity = overdeck; dependency = electron L58: // The `electron` package exports its binary path as its module value. L59: return require("electron"); L60: } catch {
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

bin/overdeck.mjsView on unpkg · L58
server/public/assets/chunk-NNHCCRGN-oonlRMkZ.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Oa(e){let t=typeof e==`string`?new RegExp(e):e;return Da.some(e=>t.test(e))}o(Oa,`isWhitespace`);function ka(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(ka,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

server/public/assets/chunk-NNHCCRGN-oonlRMkZ.jsView on unpkg · L46
server/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View file
path = server/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2 kind = high_entropy_blob sizeBytes = 12256 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

server/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2View on unpkg
server/server.jsView file
path = server/server.js kind = oversized_source_file sizeBytes = 2204538 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

server/server.jsView on unpkg
server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = var e={V...AZZX
High
Secret Pattern

Google API key in server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js

server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1

Findings

3 Critical5 High6 Medium7 Low
CriticalCritical Secretserver/public/assets/chunk-EIO257PC-DnXo63uH.js
CriticalTrojan Source Unicodeserver/public/assets/chunk-NNHCCRGN-oonlRMkZ.js
CriticalSecret Patternserver/public/assets/chunk-EIO257PC-DnXo63uH.js
HighInstall Time Lifecycle Scriptspackage.json
HighCopied Package Dependency Bridgebin/overdeck.mjs
HighShips High Entropy Blobserver/public/assets/space-grotesk-latin-ext-400-normal-CfP_5XZW.woff2
HighOversized Source Fileserver/server.js
HighSecret Patternserver/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist-electron/preload.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License