registry  /  @qubiqlabs/webpilot  /  1.1.5

@qubiqlabs/webpilot@1.1.5

AI-native web automation on top of Playwright: natural language execution, codegen, healing, and reports

AI Security Review

scanned 14h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package performs package-aligned browser automation and Python environment setup only after explicit CLI/runtime use; it has no npm install lifecycle hook.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `webpilot setup` or invokes a feature requiring the vendored browser-use Python runtime.
Impact
May modify the current project's `.venv` and download declared Python dependencies, but no covert execution or exfiltration chain was found.
Mechanism
Creates a project virtual environment and runs pip for declared, vendored browser-use dependencies.
Rationale
Static hints reflect expected CLI, browser-automation, and explicit Python setup capabilities. Direct inspection found no install-time behavior or concrete malicious chain.
Evidence
package.jsondist/src/cli/index.jsdist/src/integrations/browser_use/PythonRuntime.jsdist/src/core/CodegenPlaywrightValidator.jsdist/src/core/knowledge/RepoKnowledgeGraph.jspackages/browser-use/browser_use/browser/profile.pyscripts/setup-python.sh.venvrequirements.txtpackages/browser-use

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/src/integrations/browser_use/PythonRuntime.js` can create a project `.venv` and invoke pip, but only through setup/runtime functions.
  • `packages/browser-use/browser_use/browser/profile.py` includes extension-download helpers for browser automation.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • `dist/src/cli/index.js` registers environment setup as the explicit `webpilot setup` command.
  • Python setup installs the package's vendored `packages/browser-use` source from `requirements.txt`.
  • No inspected import-time execution, credential harvesting, exfiltration, stealth persistence, or AI-agent configuration mutation was found.
  • `dist/src/core/knowledge/RepoKnowledgeGraph.js` explicitly excludes `.cursor` during project scanning.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 137 file(s), 945 KB of source, external domains: api.anthropic.com, api.openai.com, automationexercise.com, demo.applitools.com, dotnet.microsoft.com, fonts.googleapis.com, generativelanguage.googleapis.com, maven.apache.org, nodejs.org, petstore.swagger.io, www.booking.com, www.python.org, www.w3.org

Source & flagged code

7 flagged · loading source
dist/src/core/CodegenPlaywrightValidator.jsView file
36exports.CodegenPlaywrightValidator = void 0; L37: const child_process_1 = require("child_process"); L38: const fs = __importStar(require("fs"));
High
Child Process

Package source references child process execution.

dist/src/core/CodegenPlaywrightValidator.jsView on unpkg · L36
dist/src/cli/index.jsView file
740try { L741: const candidateVersion = execSync(`${compatiblePython} -c "import sys; print(f'{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}')"`, { encoding: 'utf8', s... L742: warn(`Current Python ${version} is too old, but ${compatiblePython} (${candidateVersion}) is available`, 'Run: webpilot setup');
High
Shell

Package source references shell execution.

dist/src/cli/index.jsView on unpkg · L740
567try { L568: execSync('npx tsc --noEmit', { L569: encoding: 'utf8',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/src/cli/index.jsView on unpkg · L567
dist/src/integrations/browser_use/PythonRuntime.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @qubiqlabs/webpilot@1.1.3 matchedIdentity = npm:QHF1YmlxbGFicy93ZWJwaWxvdA:1.1.3 similarity = 0.983 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/integrations/browser_use/PythonRuntime.jsView on unpkg
42const path = __importStar(require("path")); L43: const child_process_1 = require("child_process"); L44: const ProjectContext_1 = require("../../cli/ProjectContext"); ... L53: 'python', L54: ...(process.platform === 'win32' L55: ? ['py -3.13', 'py -3.12', 'py -3.11', 'py'] ... L81: return ('browser-use requires Python 3.11+.\n' + L82: ' Install from https://www.python.org/downloads/ (or: winget install Python.Python.3.13)\n' + L83: ' Or set WEBPILOT_PYTHON to your python.exe path\n' + ... L91: function projectRoot() { L92: return path.resolve(process.env.WEBPILOT_PROJECT_ROOT || (0, ProjectContext_1.findProjectRoot)()); L93: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/src/integrations/browser_use/PythonRuntime.jsView on unpkg · L42
scripts/setup-python.shView file
path = scripts/setup-python.sh kind = build_helper sizeBytes = 1433 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/setup-python.shView on unpkg
docs/FRAMEWORK_GUIDE.mdView file
702patternName = generic_password severity = medium line = 702 matchedText = await ap... });
Medium
Secret Pattern

Hardcoded password in docs/FRAMEWORK_GUIDE.md

docs/FRAMEWORK_GUIDE.mdView on unpkg · L702

Findings

1 Critical4 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/src/integrations/browser_use/PythonRuntime.js
HighChild Processdist/src/core/CodegenPlaywrightValidator.js
HighShelldist/src/cli/index.js
HighSandbox Evasion Gated Capabilitydist/src/integrations/browser_use/PythonRuntime.js
HighRuntime Package Installdist/src/cli/index.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/setup-python.sh
MediumStructural Risk Force Deep Review
MediumSecret Patterndocs/FRAMEWORK_GUIDE.md
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings