AI Security Review
scanned 5d ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malware or unconsented install-time control-surface mutation was found. The package is a powerful ThinkPool agent bridge that can expose local coding-agent sessions to a web room and optionally install a persistent service when explicitly invoked.
Decision evidence
public snapshot- bridge.mjs is the bin entry and starts a live ThinkPool room bridge to local coding agents.
- bridge.mjs creates an in-process Claude SDK MCP server with cross-terminal/session read, post, close, and spawn_terminal tools.
- claude-session.mjs supports bypassPermissions and auto-allows low-risk/read-only MCP tools; spawned lanes may inherit bypass mode.
- service.mjs can install boot-persistent launchd/systemd/Startup services, but only via install-service CLI.
- account.mjs can spawn detached npx thinkpool-pair@latest install-service during dashboard restart of an active service.
- package.json has no preinstall/install/postinstall/prepare lifecycle hooks.
- Persistence writes are behind explicit install-service/uninstall-service/restart-service commands, not import/install time.
- service.mjs validates room codes before shell/service interpolation and defaults services to a pinned package version unless --auto-update is used.
- Provider/auth tokens are saved under ~/.thinkpool-pair for the package's own account/provider workflow, not harvested broadly.
- No code plants CLAUDE.md, .mcp.json, .claude commands, Codex/Cursor settings, or foreign AI-agent config files.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1