AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked bridge for sharing local coding-agent CLIs into ThinkPool rooms, with expected network, subprocess, local state, and optional service persistence capabilities.
Decision evidence
public snapshot- bridge.mjs exposes user-invoked remote coding-agent control over Supabase room channels.
- service.mjs can install boot-persistent launchd/systemd/Startup service, but only via install-service command.
- bridge.mjs downloads room-supplied file URLs to temp dir during runtime file-put events.
- claude-session.mjs supports bypassPermissions and agent lane spawning when chosen/approved in room.
- package.json has no install/preinstall/postinstall lifecycle hooks; bin is bridge.mjs only.
- Embedded Supabase JWT in bridge.mjs is documented anon public client key, not a private secret.
- bridge.mjs validates room codes before filesystem/service label use and gates service install behind explicit CLI subcommands.
- claude-session.mjs implements PreToolUse risk classification, permission cards, deny-fail behavior, and caps/kill switches for cross-terminal tools.
- account.mjs/auth-store.mjs store only ThinkPool login tokens locally under ~/.thinkpool-pair after explicit login.
- Network hosts are package-aligned: ThinkPool web, Supabase backend, npm registry update checks.
Source & flagged code
4 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22