AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky primitives are aligned with an advertised Claude Code PTY/WebSocket streamer and are activated by server or CLI use rather than npm install.
Decision evidence
public snapshot- dist/seed-claude-config.cjs can write a Claude config path from CLAUDE_CONFIG, but it is a standalone Docker entrypoint helper, not an npm lifecycle hook.
- dist/cli.cjs contains user-invoked prod/update commands that manage launchd/Task Scheduler services and self-update from GitHub releases.
- package.json postinstall only chmods node-pty prebuilds/.../spawn-helper; no broad home/project agent files are written at install time.
- package.json bin points to dist/cli.cjs; service/update/cache mutations are behind explicit CLI commands, not import/install execution.
- dist/index.cjs spawns claude via node-pty for the advertised PTY streaming server and uses --permission-mode acceptEdits, not dangerously-skip-permissions.
- dist/index.cjs writes only package-owned ~/.threadbase/server.yaml/cache files during normal config/server use.
- dist/cli.cjs update path fetches GitHub releases and verifies manifest sha256/size before unpacking into ~/.threadbase/releases.
- README.md documents npm install, set-key, serve, Homebrew service, cache, and update behavior consistent with the code.
Source & flagged code
7 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L101Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg