AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a user-invoked MCP/browser validation server with powerful but package-aligned testing tools.
Decision evidence
public snapshot- server.js exposes MCP/browser automation tools including browser_eval and HTTP mode when explicitly started
- handlers/validation.js can issue user-directed API requests and CRUD checks against the opened page origin
- server.js and handlers write local validation artifacts, reports, screenshots, HAR, and logs
- package.json has no install/postinstall lifecycle hook; prepublishOnly is publisher-side health/pack check
- bin/validpilot.js only runs explicit health/validate/run commands and does not alter AI-agent configs
- No code writes .mcp.json, Claude/Codex/Cursor settings, shell startup files, VCS hooks, or autostart entries
- Network activity is user-supplied target URLs, localhost HTTP server, or documented ValidPilot pricing links; no hardcoded exfiltration endpoint found
- core/redaction.js redacts tokens/secrets in logs and evidence packs
- child_process usage is limited to launching the local server/browser helpers or Windows codepage/Chrome detection
Source & flagged code
5 flagged · loading sourcePackage contains a possible secret pattern.
hands/deep_interactor.jsView on unpkg · L190Package source references child process execution.
core/win-encoding.jsView on unpkg · L15Package source references a known benign dynamic code generation pattern.
engines/playwright_adapter.jsView on unpkg · L173Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
standalone-start.jsView on unpkg · L9