AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation mutates only the package-local Python environment. When a caller invokes the solver, it automates CAPTCHA interaction, can start a local vLLM service, and uploads the CAPTCHA image to the configured inference endpoint; no covert exfiltration chain was found.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` for bootstrap; explicit runtime construction/use of `CaptchaKrakenSolver.solve()` for browser automation and inference.
Impact
Enables CAPTCHA-bypass automation and can disclose solved-page CAPTCHA images plus the configured bearer credential to the selected inference service.
Mechanism
CAPTCHA-solving browser automation backed by a bundled Python/vLLM client.
Rationale
Source inspection confirms a real dangerous dual-use CAPTCHA-solving capability and install-time environment mutation. The behavior is package-aligned and lacks a concrete covert-malware chain, so warn rather than block.
Evidence
package.jsonscripts/setup-python.jsdist/index.jsdist/solver.jspython/src/captchakraken/config.pypython/src/captchakraken/planner.pypython/src/captchakraken/server_manager.pypython/.venvpython/pyproject.toml
Network endpoints1
localhost:8000/v1/chat/completions
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `scripts/setup-python.js` on `postinstall`.
- Postinstall creates `python/.venv`, upgrades pip tooling, and installs the bundled Python project.
- `python/src/captchakraken/planner.py` sends captcha-image data and a bearer token to the configured vLLM endpoint.
- `python/src/captchakraken/server_manager.py` auto-starts a detached local vLLM process and persists PID/lock/log state.
- `dist/solver.js` automates browser CAPTCHA interaction and invokes the bundled CLI.
Evidence against
- No source reads arbitrary credentials, shell profiles, or broad user files.
- No covert fixed remote host, payload download, eval/vm loader, or AI-agent configuration mutation was found.
- Remote inference is explicitly configured through `VLLM_BASE_URL`; the default endpoint is localhost.
- Import entrypoint `dist/index.js` only exports solver and adapter APIs.
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystem
HighEntropyStrings
CopyleftLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/setup-python.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgpython/examples/_harness.pyView file
•path = python/examples/_harness.py
kind = build_helper
sizeBytes = 6632
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
python/examples/_harness.pyView on unpkgFindings
1 High3 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumEnvironment Vars
MediumShips Build Helperpython/examples/_harness.py
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowCopyleft License