registry  /  clideck  /  1.31.26

clideck@1.31.26

One screen for all your AI coding agents — run, monitor, and manage multiple CLI agents from a single browser tab

AI Security Review

scanned 4d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is an AI agent dashboard with user-invoked setup that writes first-party lifecycle hooks/bridge files for Claude, Codex, Gemini, OpenCode, and Pi. This is package-aligned but mutates AI-agent control surfaces at runtime.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs clideck and enables telemetry/plugin setup or remote/voice features in the UI.
Impact
Local agent lifecycle monitoring/control integration; potential agent-control-surface risk if enabled, but no confirmed malicious chain.
Mechanism
explicit agent hook and bridge configuration writers
Rationale
Source inspection shows broad AI-agent hook/config mutation, but it is package-aligned, user-invoked/runtime setup rather than unconsented npm install-time behavior. No concrete malware behavior or exfiltration beyond optional OpenAI transcription was found, so warn rather than block.
Evidence
package.jsonbin/clideck.jsserver.jshandlers.jscodex-hooks.jscodex-config.jsbin/claude-hook.jsbin/codex-hook.jsbin/gemini-hook.jsplugins/voice-input/index.js~/.claude/settings.json~/.codex/config.toml~/.codex/hooks.json~/.gemini/settings.json~/.config/opencode/plugins/clideck-bridge.js~/.pi/agent/extensions/clideck-bridge.ts
Network endpoints3
api.openai.com/v1/audio/transcriptionslocalhost:<port>127.0.0.1:<port>

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Benign with medium false-positive risk.
Evidence for warning
  • handlers.js writes Claude/Gemini settings hooks and Codex config/hooks during telemetry setup.
  • handlers.js can copy package bridge files into opencode/pi extension directories on user-triggered setup.
  • server.js performs an interactive self-update via npm view/install when run from global node_modules.
  • plugins/voice-input/index.js can call api.openai.com for transcription when the voice plugin is enabled.
Evidence against
  • package.json has no install/preinstall/postinstall hook; only prepublishOnly build:css.
  • bin/clideck.js starts server only when the user runs the clideck CLI.
  • Agent hook writes are exposed through telemetry.autosetup/telemetry.configure messages, not npm install-time mutation.
  • Hook helper scripts post lifecycle data only to localhost CliDeck endpoints.
  • No credential harvesting, destructive behavior, remote payload download, or exfiltration endpoint found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 58 file(s), 517 KB of source, external domains: 127.0.0.1, www.w3.org

Source & flagged code

9 flagged · loading source
handlers.jsView file
matchType = previous_version_dangerous_delta matchedPackage = clideck@1.31.25 matchedIdentity = npm:Y2xpZGVjaw:1.31.25 similarity = 0.966 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

handlers.jsView on unpkg
2const { join, dirname } = require('path'); L3: const { execFileSync, execFile } = require('child_process'); L4: const os = require('os');
High
Child Process

Package source references child process execution.

handlers.jsView on unpkg · L2
server.jsView file
36try { L37: execSync('npm install -g clideck', { stdio: 'inherit', shell: true }); L38: console.log('\n \x1b[38;5;44mUpdated to v' + latest + '. Restarting...\x1b[0m\n');
High
Shell

Package source references shell execution.

server.jsView on unpkg · L36
36try { L37: execSync('npm install -g clideck', { stdio: 'inherit', shell: true }); L38: console.log('\n \x1b[38;5;44mUpdated to v' + latest + '. Restarting...\x1b[0m\n');
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

server.jsView on unpkg · L36
preset-utils.jsView file
1const { binName } = require('./utils'); L2:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

preset-utils.jsView on unpkg · L1
plugins/voice-input/python/worker.pyView file
path = plugins/voice-input/python/worker.py kind = build_helper sizeBytes = 3923 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

plugins/voice-input/python/worker.pyView on unpkg
plugins/voice-input/python/mel_filters.npzView file
path = plugins/voice-input/python/mel_filters.npz kind = compressed_blob sizeBytes = 2240 magicHex = [redacted]
Medium
Ships Compressed Blob

Package ships compressed or archive-like blobs.

plugins/voice-input/python/mel_filters.npzView on unpkg
path = plugins/voice-input/python/mel_filters.npz kind = nested_archive_needs_inspection sizeBytes = 2240 magicHex = [redacted]
Low
Nested Archive Needs Inspection

Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.

plugins/voice-input/python/mel_filters.npzView on unpkg
public/fx/space-idle.mp3View file
path = public/fx/space-idle.mp3 kind = high_entropy_blob sizeBytes = 47276 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

public/fx/space-idle.mp3View on unpkg

Findings

1 Critical4 High6 Medium6 Low
CriticalPrevious Version Dangerous Deltahandlers.js
HighChild Processhandlers.js
HighShellserver.js
HighRuntime Package Installserver.js
HighShips High Entropy Blobpublic/fx/space-idle.mp3
MediumDynamic Requirepreset-utils.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperplugins/voice-input/python/worker.py
MediumShips Compressed Blobplugins/voice-input/python/mel_filters.npz
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectionplugins/voice-input/python/mel_filters.npz