registry  /  @m13v/s4l  /  1.7.1

@m13v/s4l@1.7.1

Automated social posting pipeline for Reddit, X/Twitter, LinkedIn, and Moltbook. Install as a Claude Code agent skill.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack surface is established, but the package has substantial explicit setup capability for a Claude/S4L agent extension. It can register MCP servers, create browser profiles, install runtime dependencies, and schedule local jobs when the user runs setup commands.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs s4l/social-autoposter init, update, install-runtime, import/export-cookies, or reset.
Impact
Warn-level lifecycle risk: modifies local Claude/S4L configuration and installs runtime tooling, but not via npm lifecycle hooks and without confirmed exfiltration or stealth behavior.
Mechanism
Explicit CLI-driven agent extension and browser automation setup
Rationale
Source inspection shows high-privilege setup behavior for a first-party social-autoposter Claude/MCP extension, but it is activated by explicit CLI commands and there are no npm lifecycle hooks or confirmed credential exfiltration. This fits warn-level agent extension lifecycle risk rather than malicious publish blocking.
Evidence
package.jsonbin/cli.jsbin/cookie-helper.jsbin/scheduler/launchd.jsmcp/install.mjsbrowser-agent-configs/twitter-harness-mcp.jsonbrowser-agent-configs/reddit-agent-mcp.jsonbrowser-agent-configs/linkedin-agent-mcp.jsonmcp-servers/browser-harness/server.py~/social-autoposter~/.claude/browser-agent-configs~/.claude/browser-profiles~/.claude/mcp-servers/browser-harness/server.py~/.claude/skills/social-autoposter~/.claude/skills/social-autoposter-setup~/.claude.json~/Library/Application Support/Claude/claude_desktop_config.json~/.social-autoposter-env/root/.chromium-profile~/Developer/browser-harness
Network endpoints5
astral.sh/uv/install.shgithub.com/browser-use/browser-harnesss4l.aigithub.com/m13v/social-autoposter.gitgithub.com/m13v/s4l

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • bin/cli.js init/update writes ~/.claude skills, browser-agent configs, MCP server files, and registers Claude MCP servers.
  • bin/cli.js installBrowserHarness runs curl installer, pip installs, git clone/fetch/reset, uv tool install, and npm install in owned MCP dir.
  • mcp/install.mjs writes Claude Desktop and Claude Code MCP config entries, with backups.
  • browser-agent-configs/*.json define MCP servers that launch npx @playwright/mcp or uv-run browser-harness.
  • bin/cli.js generatePlists creates launchd jobs including updater and overlay/watch jobs under ~/social-autoposter/launchd.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; activation is via explicit CLI commands such as init/update/install-runtime.
  • No source evidence of credential exfiltration; cookie export/import is explicit command-only in bin/cookie-helper.js.
  • Remote dependency actions are package-aligned setup for S4L/browser-harness and pinned where browser-harness commit is fetched.
  • Claude config mutation is first-party package-owned agent/MCP setup, not unconsented install-time mutation of a broad foreign agent surface.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 539 KB of source, external domains: 127.0.0.1, api.github.com, app.s4l.ai, astral.sh, dl.google.com, github.com, s4l.ai, www.apple.com, www.google.com

Source & flagged code

7 flagged · loading source
bin/cookie-helper.jsView file
13L14: const { spawn, spawnSync } = require('child_process'); L15: const fs = require('fs');
High
Child Process

Package source references child process execution.

bin/cookie-helper.jsView on unpkg · L13
31package = @m13v/s4l; repositoryIdentity = social-autoposter; dependency = ws L31: } else { L32: try { WS = require('ws'); } catch { L33: try { WS = require(path.join('/usr/lib/node_modules', 'ws')); } catch {}
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

bin/cookie-helper.jsView on unpkg · L31
13L14: const { spawn, spawnSync } = require('child_process'); L15: const fs = require('fs');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/cookie-helper.jsView on unpkg · L13
bin/scheduler/launchd.jsView file
4const fs = require('fs'); L5: const { execSync, spawnSync } = require('child_process'); L6: const platform = require('../platform'); ... L32: \t<array> L33: \t\t<string>/bin/bash</string> L34: \t\t<string>${job.script}</string> ... L38: \t<key>StandardOutPath</key> L39: \t<string>${job.stdoutLog}</string> L40: \t<key>StandardErrorPath</key> ... L80: try { L81: const out = execSync('launchctl list', { stdio: 'pipe', maxBuffer: 8 * 1024 * 1024 }).toString(); L82: for (const line of out.split('\n').slice(1)) {
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bin/scheduler/launchd.jsView on unpkg · L4
bin/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @m13v/s4l@1.6.202 matchedIdentity = npm:QG0xM3YvczRs:1.6.202 similarity = 0.444 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/cli.jsView on unpkg
848} L849: console.log(' installing MCP runtime deps (npm install --omit=dev in mcp/)'); L850: const npmRes = spawnSync('npm', ['install', '--omit=dev', '--no-audit', '--no-fund'], { L851: cwd: mcpDest,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/cli.jsView on unpkg · L848
skill/dm-outreach-reddit.shView file
path = skill/dm-outreach-reddit.sh kind = build_helper sizeBytes = 16928 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skill/dm-outreach-reddit.shView on unpkg

Findings

1 Critical4 High6 Medium4 Low
CriticalPrevious Version Dangerous Deltabin/cli.js
HighChild Processbin/cookie-helper.js
HighShell
HighCopied Package Dependency Bridgebin/cookie-helper.js
HighRuntime Package Installbin/cli.js
MediumDynamic Requirebin/cookie-helper.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebin/scheduler/launchd.js
MediumShips Build Helperskill/dm-outreach-reddit.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings