AI Security Review
scanned 5d ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- bridge.mjs exposes agent-facing tools for cross-terminal posting, spawning lanes, research runs, and flow dispatch.
- bridge.mjs can open flow lanes with mode 'bypassPermissions' after user-approved flow dispatch.
- service.mjs can install launchd/systemd/Startup persistence, but only through explicit install-service actions.
- provider.mjs and auth-store.mjs persist user tokens under ~/.thinkpool-pair with mode 0600.
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin thinkpool-pair.
- bridge.mjs service install prompt is interactive TTY and default-no; launcher install-service is user-selected.
- No unconsented writes to foreign agent control surfaces such as MCP config, CLAUDE.md, Codex/Cursor settings, or shell profiles were found.
- Service files are package-owned io.thinkpool.pair launchd/systemd/Startup entries and include uninstall paths.
- Network use is package-aligned: ThinkPool/Supabase room bridge, npm update checks, provider model fetches, and user-requested web research.
- Room codes and service labels have validation against shell/path injection.
Source & flagged code
6 flagged · loading sourceSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
account.mjsView on unpkgPackage source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1