AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious install-time or import-time attack surface. The package is an explicitly invoked Threadbase/Claude streaming server with local service, PTY, scanner, upload, and updater features.
Decision evidence
public snapshot- dist/seed-claude-config.cjs can write a CLAUDE_CONFIG path when explicitly executed
- dist/cli.cjs user-invoked server can spawn Claude CLI with --permission-mode acceptEdits
- dist/cli.cjs has signed update route that can run CLI update when configured
- package.json postinstall only chmods node-pty spawn-helper inside dependency prebuilds
- No lifecycle script writes .claude, MCP, shell startup, VCS hooks, services, or agent config
- Claude config seeding is a standalone entrypoint gated by CLAUDE_CONFIG, not npm install/import
- Network use is package-aligned: local HTTP/WebSocket server and GitHub release updater
- Updater verifies manifest sha256/size before swapping ~/.threadbase release files
- No credential harvesting or exfiltration found; auth keys are local server pairing/update controls
Source & flagged code
7 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/index.cjsView on unpkg · L101Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg