AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a remote coding-agent bridge with powerful user-invoked terminal sharing and optional service persistence, matching its stated purpose.
Decision evidence
public snapshot- bridge.mjs exposes a user-invoked CLI that relays local agent/PTY activity to ThinkPool rooms via Supabase realtime.
- service.mjs can write launchd/systemd/Startup persistence and run npx, but only through explicit install-service/menu opt-in.
- account.mjs spawns room bridge children and can poll registry.npmjs.org for updates when auto-update service env is set.
- provider.mjs/providers.mjs store user-supplied LLM tokens under ~/.thinkpool-pair with 0600 permissions.
- package.json has no preinstall/install/postinstall lifecycle hooks; only bin thinkpool-pair -> bridge.mjs.
- bridge.mjs install-service path is a named user command; first-run background service prompt defaults to no.
- Supabase anon JWT in bridge.mjs is documented public client credential, not a private secret.
- Room codes and service labels are regex-validated before filesystem/service interpolation.
- Provider registry projections avoid broadcasting raw keys; provider-add checks participant/owner token before mutation.
- No source shows install/import-time credential harvesting, destructive behavior, or hidden remote payload execution.
Source & flagged code
6 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bridge.mjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
service.mjsView on unpkg · L22Package source invokes a package manager install command at runtime.
account.mjsView on unpkg · L1