registry  /  @starframe/view-print  /  0.1.0

@starframe/view-print@0.1.0

AI tool for extracting precise layout graphs from web pages via Playwright

AI Security Review

scanned 8h ago · by lpm-firewall-ai

A user-invoked CLI starts a detached Playwright daemon. The daemon has no authentication or explicit loopback bind and exposes browser control, including page-context JavaScript evaluation and HAR export.

Static reason
One or more suspicious static signals were detected.
Trigger
Run the `viewprint` CLI or invoke its exported daemon/start functions.
Impact
A reachable peer could control active browser sessions, navigate pages, execute JavaScript in those pages, and collect tracked request/response data.
Mechanism
Unauthenticated HTTP browser-control daemon with page-context eval.
Rationale
The package is not overtly malicious and its primitives fit a Playwright inspection tool, but its unauthenticated daemon can expose browser-control capabilities beyond the local caller because no loopback bind is specified. Flag as a warning for unresolved remote-control risk rather than blocking publication.
Evidence
package.jsonsrc/daemon-process.tssrc/daemon.tssrc/daemon-client.tssrc/browser.tssrc/cli.ts~/.viewprint/daemon.pid~/.viewprint/daemon.log~/.viewprint/sessions
Network endpoints1
localhost:<port>

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `src/daemon.ts` starts an unauthenticated HTTP control server with `listen(this.port)` and no loopback host restriction.
  • `src/daemon.ts` exposes session actions including page navigation, browser interaction, and `eval` through HTTP requests.
  • `src/browser.ts` executes supplied `eval` text in the active Playwright page context.
  • `src/daemon-process.ts` detaches a daemon and writes PID/log files under `~/.viewprint`.
  • `src/browser.ts` can record request/response headers and bodies to a caller-selected HAR path.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • Child-process use only launches this package's local `daemon-entry.js` with the current Node executable.
  • Client `fetch` calls target only `http://localhost:<port>`; no package-owned external endpoint is present.
  • Filesystem writes are session, daemon, screenshot, and explicit HAR output state; no credential harvesting or exfiltration code was found.
  • Dynamic evaluation is exposed as documented CLI/MCP browser-page evaluation, not import-time execution.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 26 file(s), 221 KB of source

Source & flagged code

3 flagged · loading source
dist/src/daemon-process.jsView file
1import { spawn } from 'node:child_process'; L2: import fs from 'node:fs';
High
Child Process

Package source references child process execution.

dist/src/daemon-process.jsView on unpkg · L1
1Cross-file remote execution chain: dist/src/daemon-process.js spawns dist/src/daemon-client.js; helper contains network access plus dynamic code execution. L1: import { spawn } from 'node:child_process'; L2: import fs from 'node:fs'; ... L5: import { DaemonClient } from './daemon-client.js'; L6: const pidFilePath = path.join(os.homedir(), '.viewprint', 'daemon.pid'); L7: export function getDaemonPort() { L8: const envPort = process.env.VIEWPRINT_PORT; L9: if (envPort) { ... L79: try { L80: await fetch(`http://localhost:${port}/shutdown`, { method: 'POST' }); L81: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/src/daemon-process.jsView on unpkg · L1
dist/src/daemon-client.jsView file
78} L79: async eval(session, script) { L80: const response = await this.post(`/sessions/${session}/eval`, { script });
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/daemon-client.jsView on unpkg · L78

Findings

3 High2 Medium4 Low
HighChild Processdist/src/daemon-process.js
HighShell
HighCross File Remote Execution Contextdist/src/daemon-process.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/src/daemon-client.js
LowFilesystem
LowHigh Entropy Strings