bmem-cli@0.1.1

Open catalog of web skills for AI agents. Search, add, and run reusable browser recipes with whatever browser your agent already has.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `bmem add <site/task>` or `bmem install`.
Impact
Can add local or catalog-provided skills to an agent environment when explicitly invoked; no confirmed stealth persistence or exfiltration in package source.
Mechanism
explicit-user-command agent skill download and registration
Rationale
Static source inspection found explicit AI-agent skill registration capability, so a warning is appropriate. It is package-aligned and user-invoked, with no concrete malicious chain such as install-time mutation, credential harvesting, destructive behavior, or hidden exfiltration.
Evidence
  • package.json
  • dist/index.js
  • README.md
  • skills/bmem/SKILL.md
  • $BMEM_HOME/skills/<domain>/<task>
  • skills/bmem
Network endpoints (3)
  • api.browser-memory.com
  • BMEM_SKILLS_API_BASE_URL override
  • manifest-provided file.url values

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js `bmem add` downloads manifest-listed files and writes them under BMEM_HOME skills cache.
  • dist/index.js delegates registration to `npx --yes skills add <path>`.
  • dist/index.js `bmem install` registers bundled skills/bmem with `--global --agent *`.
  • skills/bmem/SKILL.md instructs agents to use bmem to add and run web skills.
Evidence against
  • package.json has only `prepare: tsup`; no preinstall/install/postinstall lifecycle mutation.
  • dist/index.js work is behind commander CLI commands, not import-time execution.
  • dist/index.js network use is catalog API/search/show/add behavior aligned with README.
  • dist/index.js parseSkillId rejects backslashes, dot and dotdot segments before constructing install paths.
  • No credential harvesting, destructive behavior, eval/vm/Function, native binary loading, or hidden exfiltration found.
Behavioral surface
Source
ChildProcess, EnvironmentVars, Filesystem, Network, Shell
Supply chain
UrlStrings
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 7.42 KB of source, external domains: api.browser-memory.com, nodejs.org

Source & flagged code

3 flagged
dist/index.js
L49: // src/install.ts
L50: import { spawn } from "child_process";
L51: import { mkdir, mkdtemp, rename, rm, writeFile } from "fs/promises";
High
Child Process

Package source references child process execution.

dist/index.js · L49
L43: async function fetchText(url) {
L44:   const res = await fetch(url);
L45:   if (!res.ok) throw new HttpError(res.status, url, res.statusText);
...
L49: // src/install.ts
L50: import { spawn } from "child_process";
L51: import { mkdir, mkdtemp, rename, rm, writeFile } from "fs/promises";
...
L56: import { join } from "path";
L57: var BMEM_HOME = process.env.BMEM_HOME ?? join(process.env.XDG_CONFIG_HOME ?? join(homedir(), ".config"), "bmem");
L58: var BMEM_SKILLS_DIR = join(BMEM_HOME, "skills");
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.js · L43
L98: throw new Error(
L99:   `\`npx skills add\` exited with code ${code}. Make sure Node.js/npx is installed (https://nodejs.org).`
L100: );
...
L104: return new Promise((resolve) => {
L105:   const child = spawn(cmd, args, { stdio: "inherit" });
L106:   child.on("error", () => resolve(1));
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.js · L98

Findings

4 High · 2 Medium · 4 Low
  • High · Child Process · dist/index.js
  • High · Shell
  • High · Same File Env Network Execution · dist/index.js
  • High · Runtime Package Install · dist/index.js
  • Medium · Network
  • Medium · Environment Vars
  • Low · Non Install Lifecycle Scripts
  • Low · Scripts Present
  • Low · Filesystem
  • Low · Url Strings
bmem-cli: Suspicious npm security report (Warn) | LPM Firewall