AI Security Review
scanned 6d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- bridge.mjs exposes agent tools that can spawn additional Claude lanes and may inherit bypassPermissions.
- bridge.mjs flow dispatch opens autonomous flow lanes with mode 'bypassPermissions'.
- service.mjs can create boot-persistent LaunchAgent/systemd/Startup entries, but only through installService CLI path.
- account.mjs can spawn child bridge processes and auto-update via npx @latest when service env is set.
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin thinkpool-pair.
- Public Supabase anon key is labeled client credential, not a private secret.
- service.mjs validates room codes before interpolating into service labels/commands.
- auth-store.mjs stores only this package's account files under ~/.thinkpool-pair.
- Network calls target package-aligned ThinkPool/Supabase/npm/model-provider endpoints.
- No import-time foreign AI-agent config writes such as .mcp.json, CLAUDE.md, or global agent settings found.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1