AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The extension exposes high-impact browser-control capabilities through a locally installed CLI. No confirmed package-owned data exfiltration or install-time mutation occurs.
Static reason
One or more suspicious static signals were detected.
Trigger
Finch activation registers tools; a user/agent must invoke a browser tool or `browser_setup`.
Impact
An invoking agent can automate browser actions, execute page-context JavaScript, upload selected files, and access page-derived data.
Mechanism
Shell wrapper around `chrome-devtools` with explicit global CLI installation.
Rationale
Source shows an explicit-user-command global install and broad browser automation capability, not concrete malicious behavior. Flag as a warning for first-party agent extension lifecycle and capability risk.
Evidence
dist/index.jspackage.jsonREADME.md
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `dist/index.js` registers browser automation tools on Finch startup.
- Explicit `browser_setup` runs `npm install -g chrome-devtools-mcp`.
- Tools can navigate, upload files, evaluate page JavaScript, and inspect browser network traffic.
- `package.json` requests shell permission for the extension.
Evidence against
- `package.json` has no npm lifecycle hooks.
- Installation is only in the explicit `browser_setup` tool, not activation.
- `dist/index.js` has no credential/environment harvesting or direct exfiltration code.
- All CLI invocations are fixed commands or argument-array calls; no package-owned remote payload loader found.
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
1import { execFile, execSync } from 'node:child_process';
L2: import { existsSync, mkdtempSync } from 'node:fs';
High
569try {
L570: execSync('npm install -g chrome-devtools-mcp', { timeout: 120_000, stdio: 'pipe' });
L571: const out = await run(['status'], 5_000);
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
dist/index.jsView on unpkg · L569Findings
3 High2 Low
HighChild Processdist/index.js
HighShell
HighRuntime Package Installdist/index.js
LowScripts Present
LowFilesystem