AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-run ThinkPool room bridge that intentionally connects local coding-agent CLIs to ThinkPool realtime/web services and can optionally install its own background service.
Decision evidence
public snapshot- CLI can install boot-persistent launchd/systemd/Startup services via explicit `install-service` command in service.mjs.
- Runtime bridges local agent terminals and uploads room artifacts/files to ThinkPool endpoints when user runs the bin.
- Uses child_process to spawn local CLIs, npx updater, git/zip/gh helpers, and service-manager commands.
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin `thinkpool-pair` activates code.
- Embedded Supabase JWT in bridge.mjs is documented as public anon key, not a private secret.
- Service persistence is user-invoked or interactive opt-in, package-owned, and validates room labels before shell/service interpolation.
- Provider/API keys are stored locally under ~/.thinkpool-pair with 0600 modes and provider announcements omit keys.
- Network endpoints are package-aligned: ThinkPool/Supabase, npm registry update checks, and user-configured LLM providers.
- No source evidence of credential harvesting, hidden exfiltration, destructive behavior, or unconsented AI-agent control-surface mutation.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1