registry  /  @overdeck/desktop  /  0.45.11

@overdeck/desktop@0.45.11

Overdeck Command Deck — AI agent monitoring desktop app

AI Security Review

scanned 6h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. At runtime, this AI-agent management desktop app can modify a created workspace's `.claude/settings.json` to add command hooks. It also launches its bundled local dashboard server and agent tooling. No unconsented install-time foreign agent-control mutation was confirmed.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
User launches the desktop app and creates or manages a workspace.
Impact
Configured Claude sessions in managed workspaces may execute Overdeck hook scripts.
Mechanism
workspace-scoped Claude hook installation and local agent orchestration
Rationale
Source confirms guarded runtime workspace hook setup, not concrete malicious install-time behavior. The scanner's blob, secret, and Trojan Source hints do not establish an attack after inspection.
Evidence
package.jsonbin/overdeck.mjsdist-electron/main.jsserver/workspace-4ZufqeMe.jsserver/remote-agents-CmbIKw7E.jsdist-electron/preload.jsserver/server.js
Network endpoints3
127.0.0.1api.github.comgithub.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `server/workspace-4ZufqeMe.js` writes workspace `.claude/settings.json` hooks.
  • Hooks invoke scripts under `~/.overdeck/hooks` on Claude session and prompt events.
  • Runtime server spawns local agent/dashboard processes and forwards environment values.
  • `server/remote-agents-CmbIKw7E.js` can provision Claude credentials to user-selected remote VMs.
Evidence against
  • `package.json` postinstall only runs `electron-rebuild` and ignores failure.
  • `bin/overdeck.mjs` runs only when the user invokes its CLI.
  • `dist-electron/main.js` starts bundled `server/server.js` on loopback with a random auth token.
  • No bidi controls were found in the flagged bundled asset; flagged large assets are normal bundled dependencies.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
Manifest
NoLicense
scanned 757 file(s), 23.9 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.cloudflare.com, api.github.com, api.hume.ai, api.kimi.com, api.linear.app, api.machines.dev, api.minimax.io, api.moonshot.ai, api.openai.com, api.vercel.com, api.voyageai.com, api.x.ai, api.z.ai, app.excalidraw.com, chevrotain.io, dashscope-intl.aliyuncs.com, developer.mozilla.org, discord.gg, docs.anthropic.com, docs.excalidraw.com, docs.expo.dev, docs.github.com, embed.reddit.com, en.wikipedia.org, encoding.spec.whatwg.org, esm.sh, example.com, excalidraw-room-persistence.firebaseio.com, fetch.spec.whatwg.org, giphy.com, gist.github.com, github.com, inference-api.nousresearch.com, infra.spec.whatwg.org, jimmy.warting.se, json.excalidraw.com, langium.org, libraries.excalidraw.com, mermaid.js.org, mimesniff.spec.whatwg.org, nodejs.org, ollama.com, openrouter.ai, oss-ai.excalidraw.com, oss-collab.excalidraw.com, platform.claude.com, platform.moonshot.ai, platform.twitter.com
Oversized source lightweight scan
server/public/assets/index-DdqPXf3T.js3.61 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsMinifiedUrlStringsProtestwaregithub.comwww.w3.org
server/server.js2.16 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellHighEntropyStringsUrlStringsapi.github.comapi.openai.comgithub.comopenrouter.ai
server/src-BswtmojL.js5.71 MB file, sampled 256 KB
NetworkChildProcessEnvironmentVarsCryptoHighEntropyStringsUrlStringsgithub.com

Source & flagged code

13 flagged · loading source
package.jsonView file
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = electron-rebuild -f -w node-pty 2>/dev/null; exit 0
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
server/public/assets/chunk-EIO257PC-DnXo63uH.jsView file
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Critical Secret

Package contains a critical-looking secret pattern.

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
22patternName = aws_access_key severity = critical line = 22 matchedText = `,m.push... t};
Critical
Secret Pattern

AWS access key ID in server/public/assets/chunk-EIO257PC-DnXo63uH.js

server/public/assets/chunk-EIO257PC-DnXo63uH.jsView on unpkg · L22
server/toml-CeLDATih.jsView file
363try { L364: const utilInspect = eval("require('util').inspect"); L365: _custom = utilInspect.custom;
Low
Eval

Package source references a known benign dynamic code generation pattern.

server/toml-CeLDATih.jsView on unpkg · L363
dist-electron/preload.jsView file
1let electron = require("electron"); L2: //#region src/preload.ts
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist-electron/preload.jsView on unpkg · L1
server/remote-agents-CmbIKw7E.jsView file
9import { homedir } from "os"; L10: import { exec, spawn } from "child_process"; L11: import { promisify } from "util"; ... L23: if (!playwright || typeof playwright !== "object") return null; L24: const remoteConfig = { mcpServers: { playwright: JSON.parse(JSON.stringify(playwright)) } }; L25: ensurePlaywrightIsolationSync(remoteConfig); ... L34: * Wraps the Fly Machines API (flaps) for machine lifecycle management. L35: * Base URL: https://api.machines.dev/v1 L36: * Auth: FLY_API_TOKEN environment variable ... L44: try { L45: const configPath = join(homedir(), ".fly", "config.yml"); L46: if (!existsSync(configPath)) return void 0;
High
Credential Exfiltration

Source combines credential-like environment material and outbound requests; review data flow before blocking.

server/remote-agents-CmbIKw7E.jsView on unpkg · L9
bin/overdeck.mjsView file
58package = @overdeck/desktop; repositoryIdentity = overdeck; dependency = electron L58: // The `electron` package exports its binary path as its module value. L59: return require("electron"); L60: } catch {
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

bin/overdeck.mjsView on unpkg · L58
server/public/assets/chunk-NNHCCRGN-oonlRMkZ.jsView file
46contains invisible/control Unicode U+FEFF (zero width no-break space) \r \v \xA0            \u2028\u2029   <U+FEFF>`.split(``);function Oa(e){let t=typeof e==`string`?new RegExp(e):e;return Da.some(e=>t.test(e))}o(Oa,`isWhitespace`);function ka(e){return e.replace(/[.*+?^${}()|[\]\\]/g,`\\$&`)}o(ka,`escapeReg
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

server/public/assets/chunk-NNHCCRGN-oonlRMkZ.jsView on unpkg · L46
resources/icon.icoView file
path = resources/icon.ico kind = high_entropy_blob sizeBytes = 29519 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

resources/icon.icoView on unpkg
server/src-BswtmojL.jsView file
path = server/src-BswtmojL.js kind = oversized_source_file sizeBytes = 5983292 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

server/src-BswtmojL.jsView on unpkg
server/flywheel-BLoVNtJV.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @overdeck/desktop@0.45.10 matchedIdentity = npm:QG92ZXJkZWNrL2Rlc2t0b3A:0.45.10 similarity = 0.900 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

server/flywheel-BLoVNtJV.jsView on unpkg
server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView file
1patternName = google_api_key severity = high line = 1 matchedText = var e={V...AZZX
High
Secret Pattern

Google API key in server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js

server/public/assets/chunk-ZUYEQ4TG-B82Qm37l.jsView on unpkg · L1

Findings

4 Critical6 High6 Medium8 Low
CriticalCritical Secretserver/public/assets/chunk-EIO257PC-DnXo63uH.js
CriticalTrojan Source Unicodeserver/public/assets/chunk-NNHCCRGN-oonlRMkZ.js
CriticalPrevious Version Dangerous Deltaserver/flywheel-BLoVNtJV.js
CriticalSecret Patternserver/public/assets/chunk-EIO257PC-DnXo63uH.js
HighInstall Time Lifecycle Scriptspackage.json
HighCredential Exfiltrationserver/remote-agents-CmbIKw7E.js
HighCopied Package Dependency Bridgebin/overdeck.mjs
HighShips High Entropy Blobresources/icon.ico
HighOversized Source Fileserver/src-BswtmojL.js
HighSecret Patternserver/public/assets/chunk-ZUYEQ4TG-B82Qm37l.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist-electron/preload.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalserver/toml-CeLDATih.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License