registry  /  @openruntime/agent-browser  /  0.32.0-openruntime.1

@openruntime/agent-browser@0.32.0-openruntime.1

Browser automation CLI for AI agents with OpenRuntime memory diagnostics

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 12 finding(s) at 88.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.; source closely matched a different package identity

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 22.1 KB of source, external domains: github.com, rustup.rs

Source & flagged code

5 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/agent-browser-linux-x64View file
path = bin/agent-browser-linux-x64 kind = native_binary sizeBytes = 13290824 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/agent-browser-linux-x64View on unpkg
skill-data/core/templates/capture-workflow.shView file
path = skill-data/core/templates/capture-workflow.sh kind = build_helper sizeBytes = 1832 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

skill-data/core/templates/capture-workflow.shView on unpkg
scripts/postinstall.jsView file
matchType = package_source_clone_identity_mismatch matchedPackage = agent-browser@0.32.0 matchedPath = bin/agent-browser.js matchedIdentity = npm:YWdlbnQtYnJvd3Nlcg:0.32.0 similarity = 1.000 shingleOverlap = 5 summary = source files closely matched a different published package identity
High
Package Source Clone Identity Mismatch

Package source closely matches a different published package identity; review for dependency-confusion or copied-code abuse.

scripts/postinstall.jsView on unpkg

Findings

2 High6 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPackage Source Clone Identity Mismatchscripts/postinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarybin/agent-browser-linux-x64
MediumShips Build Helperskill-data/core/templates/capture-workflow.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings