AI Security Review
scanned 2h ago · by lpm-firewall-aiA local HTTP agent exposes browser automation and scenario execution after the user starts it. Its wildcard CORS and PNA headers allow browser-originated requests to the localhost service once it is authenticated.
Decision evidence
public snapshot- `dist/cli/agent.js` enables wildcard CORS and Private Network Access.
- `dist/cli/agent.js` accepts authenticated `/api/preview` bodies and runs supplied scenarios.
- `dist/dslExecutor/executor.js` executes scenario-provided JavaScript in browser pages with `new Function`.
- `dist/core/browserManager.js` uses stealth browser fingerprinting and CAPTCHA-compatible automation.
- `postinstall.js` runs Playwright Chromium installation through `execSync` during npm install.
- `postinstall.js` only installs the declared Playwright Chromium dependency and catches failures.
- No source writes AI-agent config, startup persistence, shell payload, or credential-harvesting logic.
- Cloud login sends only explicitly entered credentials to the user-selected auth URI.
- No hard-coded non-package exfiltration endpoint or hidden remote payload loader was found.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/core/browserManager.jsView on unpkgPackage source references child process execution.
dist/core/browserManager.jsView on unpkg · L189Package source invokes a package manager install command at runtime.
dist/core/browserManager.jsView on unpkg · L212Package source references a known benign dynamic code generation pattern.
dist/dslExecutor/executor.jsView on unpkg · L1384A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli/agent.jsView on unpkg · L24