AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Decision evidence
public snapshot- `handlers/browser.js` exposes MCP `browser_eval`, evaluating caller-provided JavaScript in a browser page.
- `handlers/correlate.js` exposes `bypass_login`, which probes protected URLs without cookies/auth and tries supplied backdoor paths.
- `server.js` loads these tools through the MCP runtime; its entrypoint has repeated BOMs but no concealed bidi control flow.
- `server.js` writes browser/HAR/report artifacts, so MCP requests can affect local project artifact directories.
- `package.json` has only `prepublishOnly`; install does not run package code.
- No source writes `.claude`, `.cursor`, `mcp.json`, editor settings, or home-directory agent configuration.
- No package-controlled credential exfiltration endpoint or outbound HTTP client was found; browser fetches operate on user-supplied target pages.
- `core/redaction.js` redacts common tokens and API keys from structured output.
- `core/win-encoding.js` only changes the Windows terminal code page; shell use is platform-local.
- Process spawning is limited to starting this package's local server/browser helpers and Chrome discovery.
Source & flagged code
7 flagged · loading sourcePackage contains a possible secret pattern.
hands/deep_interactor.jsView on unpkg · L190Package source references child process execution.
core/win-encoding.jsView on unpkg · L15Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
server.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
server.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
server.jsView on unpkgSource spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.
bin/validpilot.jsView on unpkg · L5