AI Security Review
scanned 8h ago · by lpm-firewall-aiA user-invoked CLI starts a detached Playwright daemon. The daemon has no authentication or explicit loopback bind and exposes browser control, including page-context JavaScript evaluation and HAR export.
Decision evidence
public snapshot- `src/daemon.ts` starts an unauthenticated HTTP control server with `listen(this.port)` and no loopback host restriction.
- `src/daemon.ts` exposes session actions including page navigation, browser interaction, and `eval` through HTTP requests.
- `src/browser.ts` executes supplied `eval` text in the active Playwright page context.
- `src/daemon-process.ts` detaches a daemon and writes PID/log files under `~/.viewprint`.
- `src/browser.ts` can record request/response headers and bodies to a caller-selected HAR path.
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- Child-process use only launches this package's local `daemon-entry.js` with the current Node executable.
- Client `fetch` calls target only `http://localhost:<port>`; no package-owned external endpoint is present.
- Filesystem writes are session, daemon, screenshot, and explicit HAR output state; no credential harvesting or exfiltration code was found.
- Dynamic evaluation is exposed as documented CLI/MCP browser-page evaluation, not import-time execution.
Source & flagged code
3 flagged · loading sourcePackage source references child process execution.
dist/src/daemon-process.jsView on unpkg · L1Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/src/daemon-process.jsView on unpkg · L1Package source references a known benign dynamic code generation pattern.
dist/src/daemon-client.jsView on unpkg · L78