registry  /  @overdeck/desktop  /  0.45.1

@overdeck/desktop@0.45.1

Overdeck Command Deck — AI agent monitoring desktop app

AI Security Review

scanned 2d ago · by lpm-firewall-ai

The user-launched desktop dashboard starts a local server and exposes a route that installs optional developer tools. The installation logic downloads latest remote artifacts and executes shell commands, including one curl-to-bash path.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User launches the CLI/Electron app and requests POST /api/prereqs/install through the local dashboard.
Impact
A local dashboard user/session can cause execution of downloaded third-party tooling; no unconsented install-time attack chain was confirmed.
Mechanism
User-triggered remote tool installation and local AI-agent process management.
Rationale
The scanner's malicious conclusion is not substantiated by the inspected lifecycle and entrypoint code. The package nevertheless contains a user-triggered remote execution capability that merits a warning.
Evidence
package.jsonbin/overdeck.mjsdist-electron/main.jsserver/server.jsdist-electron/preload.js
Network endpoints4
github.com/tsl0922/ttyd/releases/latest/download/ttyd.x86_64github.com/FiloSottile/mkcert/releases/latest/download/mkcert-v1.4.4-linux-${process.arch}raw.githubusercontent.com/gastownhall/beads/main/scripts/install.shgithub.com/eltmon/ox/releases/download/latest/ox-${platform}-${arch}

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • server/server.js exposes POST /api/prereqs/install.
  • That route runs shell curl downloads and a curl|bash installer for optional tools.
  • server/server.js starts and supervises local AI-agent/deacon child processes after dashboard startup.
  • server/server.js can access ~/.claude skills and writes OAuth credentials for its omp integration.
Evidence against
  • package.json postinstall only runs electron-rebuild and ignores failure.
  • bin/overdeck.mjs launches Electron only when the user invokes the CLI.
  • dist-electron/main.js spawns the packaged server and polls 127.0.0.1.
  • No inspected lifecycle code exfiltrates credentials or mutates foreign agent controls.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 479 file(s), 17.7 MB of source, external domains: 127.0.0.1, api.github.com, api.openai.com, app.excalidraw.com, chevrotain.io, discord.gg, docs.excalidraw.com, embed.reddit.com, en.wikipedia.org, esm.sh, example.com, excalidraw-room-persistence.firebaseio.com, giphy.com, gist.github.com, github.com, json.excalidraw.com, langium.org, libraries.excalidraw.com, mermaid.js.org, nodejs.org, openrouter.ai, oss-ai.excalidraw.com, oss-collab.excalidraw.com, platform.twitter.com, player.vimeo.com, plus.excalidraw.com, reactjs.org, reddit.com, rolldown.rs, twitter.com, us-central1-excalidraw-room-persistence.cloudfunctions.net, www.figma.com, www.ibm.com, www.w3.org, www.youtube.com, x.com, youtube.com
Oversized source lightweight scan
server/public/assets/index-BsKNi2y5.js3.61 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsMinifiedUrlStringsProtestwaregithub.comwww.w3.org
server/server.js2.16 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellHighEntropyStringsUrlStringsapi.github.comapi.openai.comgithub.comopenrouter.ai

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
server/public/assets/chunk-EIO257PC-DnXo63uH.jsView file
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Secret Pattern

AWS access key ID in server/public/assets/chunk-EIO257PC-DnXo63uH.js

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
dist-electron/preload.jsView file
1let electron = require("electron"); L2: //#region src/preload.ts
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist-electron/preload.jsView on unpkg · L1
bin/overdeck.mjsView file
58package = @overdeck/desktop; repositoryIdentity = overdeck; dependency = electron L58: // The `electron` package exports its binary path as its module value. L59: return require("electron"); L60: } catch {
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

bin/overdeck.mjsView on unpkg · L58
server/public/assets/chunk-NNHCCRGN-oonlRMkZ.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Oa(e){let t=typeof e==`string`?new RegExp(e):e;return Da.some(e=>t.test(e))}o(Oa,`isWhitespace`);function ka(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(ka,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

server/public/assets/chunk-NNHCCRGN-oonlRMkZ.jsView on unpkg · L46
resources/icon.icoView file
path = resources/icon.ico kind = high_entropy_blob sizeBytes = 29519 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

resources/icon.icoView on unpkg
server/server.jsView file
path = server/server.js kind = oversized_source_file sizeBytes = 2261405 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

server/server.jsView on unpkg
dist-electron/main.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @overdeck/desktop@0.42.0 matchedIdentity = npm:QG92ZXJkZWNrL2Rlc2t0b3A:0.42.0 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist-electron/main.jsView on unpkg
server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = var e={V...AZZX
High
Secret Pattern

Google API key in server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js

server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1

Findings

3 Critical6 High6 Medium7 Low
CriticalCritical Secretserver/public/assets/chunk-EIO257PC-DnXo63uH.js
CriticalTrojan Source Unicodeserver/public/assets/chunk-NNHCCRGN-oonlRMkZ.js
CriticalSecret Patternserver/public/assets/chunk-EIO257PC-DnXo63uH.js
HighInstall Time Lifecycle Scriptspackage.json
HighCopied Package Dependency Bridgebin/overdeck.mjs
HighShips High Entropy Blobresources/icon.ico
HighOversized Source Fileserver/server.js
HighPrevious Version Dangerous Deltadist-electron/main.js
HighSecret Patternserver/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist-electron/preload.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License