Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `aiui claude`, `aiui browser --tunnel`, `aiui chrome`, or `aiui demo`.
Impact
A user who runs the CLI can grant the associated Claude session broad local, browser, and network capability; no unconsented execution or exfiltration chain is established.
Mechanism
Explicit AI-agent/browser orchestration with optional permission bypass and reverse tunneling.
Rationale
No concrete malicious behavior was found, but the package deliberately orchestrates a broadly privileged AI-agent session and browser tooling. This warrants a warning rather than a block because activation is user-commanded and no unconsented lifecycle mutation, stealth persistence, or exfiltration is present.
Evidence
package.jsondist/index.jsdist/cli.jsREADME.mdtemplates/demo/CLAUDE.mdtemplates/demo/package.jsontemplates/demo/vite.config.ts
Network endpoints2
127.0.0.1:<port>/json/version127.0.0.1:<port>/json/new