AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface by static inspection. The package is a user-invoked ThinkPool bridge for sharing local coding-agent sessions, with optional explicit background service installation.
Decision evidence
public snapshot- bridge.mjs exposes a powerful remote room bridge that can drive local coding-agent CLIs at runtime.
- service.mjs can install launchd/systemd/Windows Startup persistence, but only via explicit install-service CLI.
- claude-session.mjs supports bypassPermissions and spawned agent lanes, a dangerous package-aligned capability.
- package.json has no npm lifecycle hooks; install/import does not auto-run service or agent setup.
- bridge.mjs gates execution behind user-invoked bin commands and validates room codes before use.
- service.mjs persistence is an explicit documented CLI feature with uninstall-service support and pinned default version.
- README.md documents the remote-agent trust model and warns that room codes can drive the agent.
- Secrets flagged in bridge.mjs are Supabase anon/public client credentials; user tokens are stored under package-owned ~/.thinkpool-pair.
- No evidence of credential harvesting, arbitrary exfiltration, destructive install-time behavior, or foreign AI-agent control-surface mutation.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1