bmem-cli@0.1.0

Open catalog of web skills for AI agents. Search, add, and run reusable browser recipes with whatever browser your agent already has.

AI Security Review

scanned 6h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs bmem add <name> or bmem install.
Impact
May add first-party or catalog-provided skills to local agent skill configuration with user intent.
Mechanism
downloads/registers agent skills via npx skills add
Rationale
This matches an explicit user-command agent capability setup with remote catalog content, so it warrants a warning but not a publish block. There is no unconsented npm install-time mutation or source evidence of malicious behavior.
Evidence
package.json, dist/index.js, README.md, skills/bmem/SKILL.md, $BMEM_HOME/skills/<skill-id>
Network endpoints (2)
api.browser-memory.com, manifest-provided file.url values

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js exposes user-invoked add/install commands that run npx --yes skills add.
  • dist/index.js install registers bundled skills/bmem globally with --agent *.
  • dist/index.js add downloads manifest-listed files from remote URLs into BMEM_HOME before registering them as native skills.
Evidence against
  • package.json has only a prepare build script; no preinstall/install/postinstall agent mutation.
  • Network use is package-aligned catalog access via API_BASE default https://api.browser-memory.com.
  • No credential harvesting, exfiltration headers, eval/vm/Function, native binary loading, or persistence beyond explicit skill registration found.
  • parseSkillId rejects backslashes, dot segments, and more than two path parts.
Behavioral surface
Source
Child Process, Environment Vars, Filesystem, Network, Shell
Supply chain
Url Strings
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 7.27 KB of source, external domains: api.browser-memory.com, nodejs.org

Source & flagged code

3 flagged
dist/index.js
    L49: // src/install.ts
    L50: import { spawn } from "child_process";
    L51: import { mkdir, mkdtemp, rename, rm, writeFile } from "fs/promises";
High
Child Process

Package source references child process execution.

dist/index.js · L49
    L43: async function fetchText(url) {
    L44:   const res = await fetch(url);
    L45:   if (!res.ok) throw new HttpError(res.status, url, res.statusText);
    ...
    L49: // src/install.ts
    L50: import { spawn } from "child_process";
    L51: import { mkdir, mkdtemp, rename, rm, writeFile } from "fs/promises";
    ...
    L56: import { join } from "path";
    L57: var BMEM_HOME = process.env.BMEM_HOME ?? join(process.env.XDG_CONFIG_HOME ?? join(homedir(), ".config"), "bmem");
    L58: var BMEM_SKILLS_DIR = join(BMEM_HOME, "skills");
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.js · L43
    L93: throw new Error(
    L94:   `\`npx skills add\` exited with code ${code}. Make sure Node.js/npx is installed (https://nodejs.org).`
    L95: );
    ...
    L99: return new Promise((resolve) => {
    L100:   const child = spawn(cmd, args, { stdio: "inherit" });
    L101:   child.on("error", () => resolve(1));
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.js · L93

Findings

4 High · 2 Medium · 4 Low
High · Child Process · dist/index.js
High · Shell
High · Same File Env Network Execution · dist/index.js
High · Runtime Package Install · dist/index.js
Medium · Network
Medium · Environment Vars
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Url Strings