registry  /  @joehe71/browser-tools  /  0.2.1

@joehe71/browser-tools@0.2.1

Browser automation tools for Finch — navigate, click, fill forms, take screenshots, debug, and more. Powered by Chrome DevTools MCP (Google).

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The extension exposes high-impact browser-control capabilities through a locally installed CLI. No confirmed package-owned data exfiltration or install-time mutation occurs.

Static reason
One or more suspicious static signals were detected.
Trigger
Finch activation registers tools; a user/agent must invoke a browser tool or `browser_setup`.
Impact
An invoking agent can automate browser actions, execute page-context JavaScript, upload selected files, and access page-derived data.
Mechanism
Shell wrapper around `chrome-devtools` with explicit global CLI installation.
Rationale
Source shows an explicit-user-command global install and broad browser automation capability, not concrete malicious behavior. Flag as a warning for first-party agent extension lifecycle and capability risk.
Evidence
dist/index.jspackage.jsonREADME.md

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/index.js` registers browser automation tools on Finch startup.
  • Explicit `browser_setup` runs `npm install -g chrome-devtools-mcp`.
  • Tools can navigate, upload files, evaluate page JavaScript, and inspect browser network traffic.
  • `package.json` requests shell permission for the extension.
Evidence against
  • `package.json` has no npm lifecycle hooks.
  • Installation is only in the explicit `browser_setup` tool, not activation.
  • `dist/index.js` has no credential/environment harvesting or direct exfiltration code.
  • All CLI invocations are fixed commands or argument-array calls; no package-owned remote payload loader found.
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 27.4 KB of source

Source & flagged code

2 flagged · loading source
dist/index.jsView file
1import { execFile, execSync } from 'node:child_process'; L2: import { existsSync, mkdtempSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L1
569try { L570: execSync('npm install -g chrome-devtools-mcp', { timeout: 120_000, stdio: 'pipe' }); L571: const out = await run(['status'], 5_000);
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.jsView on unpkg · L569

Findings

3 High2 Low
HighChild Processdist/index.js
HighShell
HighRuntime Package Installdist/index.js
LowScripts Present
LowFilesystem