AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is an MCP/browser validation tool with user-triggered browser automation, local HTTP/stdio server modes, artifact generation, and target-URL probing.
Decision evidence
public snapshot- handlers/validation.js and engines/playwright_adapter.js expose user-invoked eval/new Function browser checks.
- server.js HTTP mode can run unauthenticated when MCP_API_KEY is unset, with a warning.
- server.js and handlers write screenshots, reports, logs, HARs, and validation artifacts during tool use.
- package.json has no install/postinstall hook; prepublishOnly is publish-time health/pack only.
- bin/validpilot.js only dispatches CLI commands and spawns local server.js/start-http.js on user request.
- Network fetches target user-supplied URLs or local API probes for browser validation, not hardcoded exfiltration.
- core/redaction.js redacts tokens/passwords; no credential harvesting loop found.
- child_process usage is limited to spawning local server or OS Chrome/encoding discovery commands.
- No AI-agent config/control-surface writes such as .cursor, .claude, AGENTS.md, or prompt mutation found.
Source & flagged code
6 flagged · loading sourcePackage contains a possible secret pattern.
hands/deep_interactor.jsView on unpkg · L190Package source references child process execution.
core/win-encoding.jsView on unpkg · L15Package source references a known benign dynamic code generation pattern.
engines/playwright_adapter.jsView on unpkg · L173This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/validpilot.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/validpilot.jsView on unpkg · L5