registry  /  autokap  /  2.0.1

autokap@2.0.1

AI-powered CLI tool for capturing clean screenshots of websites

AI Security Review

scanned 19h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Network, browser automation, artifact uploads, and subprocesses are tied to the advertised screenshot-capture CLI and explicit runtime actions.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `autokap run`, `doctor --fix`, or accepts an interactive update prompt.
Impact
Captures requested web content and uploads requested artifacts to the configured AutoKap service; no unsolicited credential harvesting, foreign agent mutation, or install-time execution found.
Mechanism
Playwright capture, service API upload, optional Chromium install, and user-approved CLI update.
Rationale
Source inspection found a normal automation CLI with user-invoked network and subprocess behavior. The scanner signals are explained by explicit runtime features; no malicious chain or AI-agent control-surface mutation was found.
Evidence
package.jsondist/cli.jsdist/cli-runner.jsdist/playwright-installer.jsdist/cli-updater.jsdist/cli-config.jsdist/cookie-dismiss.js~/.autokap/config.json~/.autokap/last-update-check.jsontemporary audio filesuser-selected output directory
Network endpoints5
autokap.appwss://autokap.app/wsregistry.npmjs.org/autokap/latestopenrouter.ai/api/v1eu.i.posthog.com

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no lifecycle scripts; install/import do not trigger package code.
    • `dist/cli.js` runs only as the `autokap` executable and exposes explicit login/run/doctor commands.
    • `dist/playwright-installer.js` downloads Chromium only during a capture run when missing.
    • `dist/cli-updater.js` checks `registry.npmjs.org` only in an interactive CLI session and runs global npm install after a prompt.
    • `dist/cli-config.js` stores only AutoKap CLI config in `~/.autokap` with restrictive permissions and validates origins.
    • `dist/cookie-dismiss.js` uses `new Function` only inside the Playwright page to reconstruct its own cookie-container predicate.
    Behavioral surface
    Source
    ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
    Supply chain
    HighEntropyStringsMinifiedTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 95 file(s), 1.63 MB of source, external domains: app.example.com, autokap.app, eu.i.posthog.com, example.com, ffmpeg.org, github.com, nodejs.org, openrouter.ai, registry.npmjs.org, www.google.com, www.w3.org

    Source & flagged code

    7 flagged · loading source
    dist/openrouter-tts.jsView file
    13* **Pure module** — no Node-only imports beyond `node:fs` / `node:os` / L14: * `node:path` / `node:child_process` (used only for duration probing). Safe L15: * to import from both the CLI and the Next.js server runtime.
    High
    Child Process

    Package source references child process execution.

    dist/openrouter-tts.jsView on unpkg · L13
    dist/cookie-dismiss.jsView file
    187// eslint-disable-next-line no-new-func L188: const isCookieConsentContainer = new Function(`return (${predicateSource})`)(); L189: // Find all visible buttons and links
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/cookie-dismiss.jsView on unpkg · L187
    dist/capture-variant-state.jsView file
    1import { createHash } from "crypto"; L2: import { inferCapturePageIdentity } from "./capture-page-identity.js";
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/capture-variant-state.jsView on unpkg · L1
    dist/cli-updater.jsView file
    17// against the new binary. L18: import { spawn } from 'node:child_process'; L19: import fs from 'node:fs/promises'; L20: import https from 'node:https'; L21: import path from 'node:path'; ... L32: function isInteractive() { L33: return Boolean(process.stdout.isTTY && process.stdin.isTTY && !process.env.CI); L34: }
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/cli-updater.jsView on unpkg · L17
    dist/posthog.jsView file
    4// Stable anonymous ID derived from machine hostname — no PII collected L5: const machineId = createHash('sha256').update(hostname()).digest('hex').slice(0, 16); L6: export const DISTINCT_ID = `cli-${machineId}`; ... L10: if (!_client) { L11: _client = new PostHog(process.env.POSTHOG_API_KEY ?? '', { L12: host: process.env.POSTHOG_HOST ?? 'https://eu.i.posthog.com', L13: flushAt: 1,
    High
    Sandbox Evasion Gated Capability

    Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

    dist/posthog.jsView on unpkg · L4
    dist/playwright-installer.jsView file
    11* L12: * Cross-platform: uses `npx playwright install chromium` (works on macOS, L13: * Linux, Windows). Output is streamed inherit so the user sees the ... L15: */ L16: import { spawn } from 'node:child_process'; L17: import { existsSync } from 'node:fs';
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/playwright-installer.jsView on unpkg · L11
    dist/cli.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = autokap@1.9.10 matchedIdentity = npm:YXV0b2thcA:1.9.10 similarity = 0.905 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/cli.jsView on unpkg

    Findings

    1 Critical5 High3 Medium6 Low
    CriticalPrevious Version Dangerous Deltadist/cli.js
    HighChild Processdist/openrouter-tts.js
    HighShell
    HighSame File Env Network Executiondist/cli-updater.js
    HighSandbox Evasion Gated Capabilitydist/posthog.js
    HighRuntime Package Installdist/playwright-installer.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowEvaldist/cookie-dismiss.js
    LowWeak Cryptodist/capture-variant-state.js
    LowFilesystem
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings