AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time setup writes a first-party browser extension and Jupyter bridge under `~/.cockpit`. The extension has broad browser privileges and provides local Cockpit-controlled cookie injection and page evaluation.
Decision evidence
public snapshot- `package.json` runs `bin/postinstall.mjs` automatically.
- `bin/postinstall.mjs` copies the package-owned Chrome extension to `~/.cockpit/chrome-extension/`.
- `chrome-extension/manifest.json` requests `<all_urls>`, cookies, scripting, webRequest, tabs, and storage.
- `chrome-extension/background.js` injects target-site cookies and evaluates supplied JavaScript in tracked Cockpit iframes.
- Content activation is limited to frames tracked as Cockpit-owned in `chrome-extension/content.js`.
- External extension messages are restricted to localhost/127.0.0.1 in `chrome-extension/background.js`.
- No unaligned outbound endpoint, credential exfiltration, remote payload download, or foreign AI-agent config mutation was found.
Source & flagged code
14 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/cock.mjsView on unpkgA single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/cock.mjsView on unpkg · L177Package source references a known benign dynamic code generation pattern.
dist/chunk-BFESJMNO.mjsView on unpkg · L8289Package source references dynamic require/import behavior.
chrome-extension/content.jsView on unpkg · L211Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
dist/wsServer.mjsView on unpkg · L39Package ships WebAssembly modules.
public/tree-sitter/tree-sitter-go.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
kernels/jupyter_bridge.pyView on unpkgPackage ships high-entropy non-source blobs.
.next-prod/static/media/KaTeX_Math-Italic.5295ba48.woffView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
.next-prod/server/chunks/7184.jsView on unpkgPackage contains source files above the static scanner size ceiling.
.next-prod/server/chunks/7184.jsView on unpkg