AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a user-invoked ThinkPool room bridge that intentionally relays local coding-agent sessions and optional BYOK provider settings.
Decision evidence
public snapshot- bridge.mjs can spawn local agent CLIs/PTYs and accept room broadcasts for term-open/code-turn/file-put at runtime.
- service.mjs can write launchd/systemd/Startup persistence, but only via install-service or explicit launcher menu action.
- auth-store.mjs/provider.mjs/providers.mjs store account/provider tokens under ~/.thinkpool-pair with mode 0600.
- bridge.mjs embeds a Supabase anon JWT/public endpoint, not a private service secret.
- package.json has no preinstall/install/postinstall hooks; only bin thinkpool-pair -> bridge.mjs and release script.
- bridge.mjs gates service install/uninstall behind explicit subcommands or interactive opt-in, not install/import time.
- bridge.mjs validates room codes before filesystem/service use and serve-consent.mjs requires owner/grant auth for room serving.
- Network calls target package-aligned ThinkPool/Supabase/npm/model-provider endpoints for the advertised bridge functionality.
- No credential harvesting or exfiltration beyond user login/provider setup paths; provider keys are saved locally and masked in output.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1