registry  /  thinkpool-pair  /  0.7.165

thinkpool-pair@0.7.165

Share a local coding-agent CLI (Claude Code, Codex, Gemini, Aider, …) into a ThinkPool Code room, live.

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked ThinkPool coding-agent bridge with realtime room networking, optional explicit background service setup, and local credential/provider configuration for its stated function.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs thinkpool-pair CLI commands such as room bridge, login, provider, or install-service.
Impact
Shares a local coding-agent session into a ThinkPool room when invoked; no install-time execution, credential exfiltration, or stealth persistence found.
Mechanism
Package-aligned remote coding-agent bridge and optional OS service installer
Rationale
Static inspection shows powerful but package-aligned bridge behavior activated by explicit CLI/runtime actions, with no npm lifecycle hook, hidden payload, unconsented install-time agent control mutation, or exfiltration path. The scanner's secret/persistence/child_process hits map to public Supabase anon config, local user-owned config, explicit service commands, and intended agent spawning.
Evidence
package.jsonbridge.mjsservice.mjsaccount.mjsauth-store.mjsproviders.mjsprovider.mjsclaude-session.mjs~/.thinkpool-pair/auth.json~/.thinkpool-pair/dirs.json~/.thinkpool-pair/served.json~/.thinkpool-pair/default-dir~/.thinkpool-pair/providers.json~/.thinkpool-pair/bridge-key.json~/Library/LaunchAgents/io.thinkpool.pair.*.plist~/.config/systemd/user/io.thinkpool.pair.*.service
Network endpoints6
daytvtakmlixpfbbqzjd.supabase.cothinkpool.ioregistry.npmjs.org/thinkpool-pair/latestapi.anthropic.comopenrouter.ai/apiapi.z.ai/api/anthropic

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle hooks; bin is explicit CLI bridge.mjs.
    • bridge.mjs network use is package-aligned realtime/REST to Supabase and thinkpool.io.
    • service.mjs persistence is only explicit install-service/uninstall-service user command, not install-time.
    • account.mjs spawns child bridge/updates only in account/service runtime paths.
    • auth-store.mjs/providers.mjs store user auth/provider keys locally under ~/.thinkpool-pair with 0600 intent.
    • Supabase JWT in bridge.mjs is labeled anon public client key, not a private service secret.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 33 file(s), 643 KB of source, external domains: api.anthropic.com, api.z.ai, daytvtakmlixpfbbqzjd.supabase.co, openrouter.ai, registry.npmjs.org, thinkpool.io, www.apple.com

    Source & flagged code

    6 flagged · loading source
    bridge.mjsView file
    102patternName = supabase_service_key severity = critical line = 102 matchedText = const SU...tqo'
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    bridge.mjsView on unpkg · L102
    matchType = previous_version_dangerous_delta matchedPackage = thinkpool-pair@0.7.162 matchedIdentity = npm:dGhpbmtwb29sLXBhaXI:0.7.162 similarity = 0.938 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    bridge.mjsView on unpkg
    102patternName = supabase_service_key severity = critical line = 102 matchedText = const SU...tqo'
    Critical
    Secret Pattern

    Supabase service role key (JWT) in bridge.mjs

    bridge.mjsView on unpkg · L102
    flow-assembly.mjsView file
    14// L15: // Node built-ins ONLY (fs, path, child_process, zlib) — bridge ships as npm L16: // thinkpool-pair with no new deps. Pure over injected fs/git/gh/readFile so the
    High
    Child Process

    Package source references child process execution.

    flow-assembly.mjsView on unpkg · L14
    service.mjsView file
    22import path from 'node:path' L23: import { execSync } from 'node:child_process' L24: ... L26: // exactly one account service per machine (a second install replaces it). L27: // Room codes flow UNESCAPED into launchctl/systemd shell strings + plist paths, so L28: // this is the security chokepoint: reject anything that isn't a plain alnum code ... L44: // `home` is the platform-correct, runtime-expanded home token ("$HOME" on darwin under L45: // /bin/bash; "$$HOME" inside a systemd unit so systemd emits a literal $HOME to bash). L46: const cacheWipe = (home) => `rm -rf ${home}/.npm/_npx/*/node_modules/thinkpool-pair 2>/dev/null` ... L48: // The version installing the service. By DEFAULT the service is pinned to this exact L49: // version (not @latest) so a future bad npm publish can't auto-roll to every machine's L50: // always-on bridge — that's what spread the broken 0.7.49 on 2026-06-22. Updates become
    Medium
    Install Persistence

    Source writes installer persistence such as shell profile or service configuration.

    service.mjsView on unpkg · L22
    account.mjsView file
    1/* account.mjs — account-mode bridge (Phase 1). L2: One `npx thinkpool-pair` per ACCOUNT instead of per room: L3: login — link this device to your ThinkPool account (realtime handoff). ... L8: Spec: docs/specs/2026-06-16-account-bridge.md */ L9: import { spawn } from 'node:child_process' L10: import { fileURLToPath } from 'node:url'
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    account.mjsView on unpkg · L1

    Findings

    3 Critical3 High4 Medium5 Low
    CriticalCritical Secretbridge.mjs
    CriticalPrevious Version Dangerous Deltabridge.mjs
    CriticalSecret Patternbridge.mjs
    HighChild Processflow-assembly.mjs
    HighShell
    HighRuntime Package Installaccount.mjs
    MediumNetwork
    MediumEnvironment Vars
    MediumInstall Persistenceservice.mjs
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License