AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Package installs a first-party browser native-messaging sidecar when the user runs installer scripts, then exposes an MCP/CLI Google AI Mode search bridge over localhost. This is a guarded extension lifecycle risk, but not confirmed malicious by source inspection.
Decision evidence
public snapshot- native-host/install-host.cjs writes Firefox native messaging manifests under user profile paths and may add HKCU registry key on Windows.
- native-host/install-chrome-host.cjs writes Chromium/Chrome/Brave native messaging manifests and allowed_origins for a supplied extension id.
- native-host/host.js opens localhost TCP 127.0.0.1:51784 and forwards framed requests to the browser extension.
- extension*/background.js opens hidden Google AI Mode search tabs and returns page HTML/citations through native messaging.
- package.json has no preinstall/install/postinstall hook; prepare/prepublishOnly only run tsc.
- Installer scripts are explicit user commands, not automatic npm install mutation.
- Extension host permissions are limited to https://www.google.com/* and nativeMessaging.
- No credential/env harvesting, broad filesystem scanning, remote payload loading, eval, or destructive behavior found.
- Network behavior is package-aligned Google search: https://www.google.com/search?udm=50&q=...
Source & flagged code
3 flagged · loading sourceThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
native-host/install-chrome-host.cjsView on unpkgSource writes installer persistence such as shell profile or service configuration.
native-host/install-chrome-host.cjsView on unpkg · L21Package ships non-JavaScript build or shell helper files.
native-host/run-host.shView on unpkg