AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. The remaining risk is runtime Claude-in-Chrome native host setup and bridge connectivity from an interactive AI assistant CLI.
Decision evidence
public snapshot- package.json has prepare: git config core.hooksPath .githooks, but no preinstall/install/postinstall hook.
- dist/chunk-374tvt0h.js can create Claude-in-Chrome wrapper and native messaging host manifest at runtime.
- dist/chunk-374tvt0h.js registers Windows native host keys for com.anthropic.claude_code_browser_extension.
- dist/chunk-b47b3hfe.js can connect Chrome MCP bridge to wss://bridge.claudeusercontent.com and pass Claude OAuth token.
- No install-time npm hook mutates broad AI-agent control surfaces; prepare is source/VCS lifecycle only.
- dist/cli.js is a user-invoked Bun CLI entrypoint, with feature-gated Chrome/MCP/remote paths.
- Scanner credential hits in dist/chunk-jb95wx8d.js are bundled Azure SDK auth classes, not package-authored exfiltration.
- Scanner child_process/network hits are largely bundled SDKs or expected CLI/browser/MCP functionality.
- No hardcoded non-package exfiltration endpoint or browser password harvesting code confirmed.
Source & flagged code
13 flagged · loading sourceSource appears to collect browser login credentials for exfiltration.
dist/chunk-jb95wx8d.jsView on unpkg · L28Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/chunk-jb95wx8d.jsView on unpkg · L28Package contains a possible secret pattern.
dist/chunk-jb95wx8d.jsView on unpkg · L1131Package source references weak cryptographic algorithms.
dist/chunk-jb95wx8d.jsView on unpkg · L28Package source references child process execution.
dist/chunk-ta4rpce6.jsView on unpkg · L4917Source reaches cloud instance metadata or link-local credential endpoints.
dist/chunk-ta4rpce6.jsView on unpkg · L6Source appears to send environment or credential material to an external endpoint.
dist/chunk-a07hgnvm.jsView on unpkg · L113A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/chunk-a07hgnvm.jsView on unpkg · L113Source writes installer persistence such as shell profile or service configuration.
dist/chunk-a07hgnvm.jsView on unpkg · L113Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/chunk-y5patg9p.jsView on unpkg · L99Package contains source files above the static scanner size ceiling.
dist/chunk-tccn9978.jsView on unpkg