AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a high-capability local bridge for sharing coding-agent sessions and can persist itself only after an explicit user command.
Decision evidence
public snapshot- service.mjs can install launchd/systemd/Startup persistence, but only via explicit install-service command.
- bridge.mjs/account.mjs spawn local agent/bridge processes and poll npm registry for updates when service auto-update is enabled.
- auth-store.mjs/provider.mjs/providers.mjs store account/provider tokens under ~/.thinkpool-pair with 0600 modes.
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin is bridge.mjs.
- Persistence is user-invoked from install-service/uninstall-service paths, not install-time mutation.
- Network use is package-aligned: Supabase room/auth APIs, thinkpool.io upload APIs, npm registry update checks, and user-configured model endpoints.
- Provider registry add/remove requires authenticated owner/host JWT; announcements expose names/key hints, not raw keys.
- No evidence of credential harvesting from unrelated files, stealth exfiltration, destructive install behavior, or remote payload execution.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1