AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a WebPilot/browser automation CLI with user-invoked scaffolding, diagnostics, Python setup, LLM provider calls, and browser-use telemetry.
Decision evidence
public snapshot- packages/browser-use telemetry defaults to PostHog and creates a device_id under browser-use config.
- Explicit setup paths can create .venv and install requirements for vendored browser-use.
- CLI can run browser automation, LLM calls, subprocess checks, and project scaffolding when user invokes commands.
- package.json has no preinstall/install/postinstall lifecycle hooks.
- dist/src/cli/index.js actions are commander subcommands; import mainly registers CLI and loads dotenv.
- dist/src/cli/index.js init/setup/doctor writes are project/tool scaffolding or diagnostics, not stealth persistence.
- dist/src/integrations/browser_use/PythonRuntime.js pip/venv operations are package-aligned setup for vendored browser-use.
- dist/src/core/LLMClient.js sends prompts only to configured LLM providers; no hidden exfil endpoint found.
- Claude skill references in packages/browser-use docs are manual instructions, not executed by npm lifecycle code.
Source & flagged code
5 flagged · loading sourcePackage source references child process execution.
dist/src/core/CodegenPlaywrightValidator.jsView on unpkg · L36This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/src/cli/index.jsView on unpkgPackage source invokes a package manager install command at runtime.
dist/src/cli/index.jsView on unpkg · L567Package ships non-JavaScript build or shell helper files.
scripts/setup-python.shView on unpkgHardcoded password in docs/FRAMEWORK_GUIDE.md
docs/FRAMEWORK_GUIDE.mdView on unpkg · L702