registry  /  craftdriver  /  1.1.0

craftdriver@1.1.0

Modern WebDriver automation library for NodeJS

AI Security Review

scanned 6h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a browser automation library with runtime driver download, daemon/MCP browser control, and explicit user-command agent guide setup.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes CLI/MCP or calls Browser.launch; craftdriver init writes guide files only when explicitly requested.
Impact
May download browser driver binaries to cache, spawn local browser drivers, and write user-requested screenshots/artifacts/agent guide files; no stealth install-time mutation or exfiltration found.
Mechanism
Package-aligned browser automation, driver resolution, and optional project guide generation
Rationale
The suspicious primitives are aligned with a WebDriver automation package and are activated by runtime API/CLI use, not npm install. Source inspection found no credential theft, hidden exfiltration, destructive behavior, or unconsented lifecycle mutation of AI-agent control surfaces.
Evidence
package.jsonbin/craftdriver.mjsdist/cli/index.jsdist/cli/init.jsdist/cli/dispatcher.jsdist/cli/mcp/tools.jsdist/lib/driverManager.jsdist/lib/service.js~/.cache/craftdriver/metadata.json~/.cache/craftdriver/chromedriver/...~/.cache/craftdriver/geckodriver/...AGENTS.md.github/copilot-instructions.mdCLAUDE.md.cursor/rules/craftdriver.mdcGEMINI.md
Network endpoints2
googlechromelabs.github.io/chrome-for-testing/known-good-versions-with-downloads.jsonapi.github.com/repos/mozilla/geckodriver/releases/latest

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/lib/driverManager.js downloads chromedriver/geckodriver binaries at runtime when no local driver is found
  • dist/cli/init.js can write AI-agent instruction files such as AGENTS.md, CLAUDE.md, GEMINI.md on explicit init command
  • dist/cli/mcp/tools.js exposes browser_advanced_eval for caller-supplied page JavaScript via MCP
Evidence against
  • package.json has no install/preinstall/postinstall hook; only prepublishOnly build/lint
  • bin/craftdriver.mjs only imports dist/cli/index.js when the CLI is invoked
  • dist/lib/driverManager.js network use is package-aligned driver resolution from Chrome for Testing and Mozilla GitHub releases
  • dist/lib/driverManager.js extraction uses spawnSync with fixed argv arrays, not shell string execution
  • dist/cli/init.js writes bounded first-party guidance files only on explicit craftdriver init and respects --dry-run/--force
  • No credential harvesting or exfiltration logic found in inspected source
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 52 file(s), 462 KB of source, external domains: 127.0.0.1, api.github.com, example.com, googlechromelabs.github.io, www.npmjs.com

Source & flagged code

7 flagged · loading source
dist/cli/index.jsView file
12*/ L13: import { spawn } from 'child_process'; L14: import { fileURLToPath } from 'url';
High
Child Process

Package source references child process execution.

dist/cli/index.jsView on unpkg · L12
12Cross-file remote execution chain: dist/cli/index.js spawns dist/lib/browser.js; helper contains network access plus dynamic code execution. L12: */ L13: import { spawn } from 'child_process'; L14: import { fileURLToPath } from 'url'; ... L27: if (parsed === null) { L28: process.stdout.write(HELP_TEXT); L29: return 0; ... L100: if (flags.headless === true) L101: process.env.HEADLESS = 'true'; L102: else if (flags.headless === false) ... L171: const dryRun = parsed.args['dry-run'] === true || parsed.args.dryRun === true; L172: const result = runInit({ flavor: flavor, cwd: process.cwd(), force, dryRun }); L173: const prefix = dryRun ? '[dry-run] ' : '';
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/cli/index.jsView on unpkg · L12
dist/lib/driverManager.jsView file
matchType = previous_version_dangerous_delta matchedPackage = craftdriver@1.0.1 matchedIdentity = npm:Y3JhZnRkcml2ZXI:1.0.1 similarity = 0.766 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/lib/driverManager.jsView on unpkg
192// if the cache path contains special characters. L193: const r = spawnSync('powershell', [ L194: '-NoProfile', '-Command',
High
Shell

Package source references shell execution.

dist/lib/driverManager.jsView on unpkg · L192
25import os from 'os'; L26: import https from 'https'; L27: import { spawnSync } from 'child_process'; L28: import { fileURLToPath } from 'url'; ... L31: function cacheDir() { L32: return process.env.CRAFTDRIVER_CACHE_DIR ?? path.join(os.homedir(), '.cache', 'craftdriver'); L33: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/lib/driverManager.jsView on unpkg · L25
dist/lib/clock.jsView file
116// eslint-disable-next-line no-new-func L117: new Function(earliest.fn)(); L118: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/lib/clock.jsView on unpkg · L116
bin/craftdriver.mjsView file
23L24: const mod = await import(pathToFileURL(distEntry).href); L25: const rc = await mod.main(process.argv.slice(2));
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/craftdriver.mjsView on unpkg · L23

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/lib/driverManager.js
HighChild Processdist/cli/index.js
HighShelldist/lib/driverManager.js
HighSame File Env Network Executiondist/lib/driverManager.js
HighCross File Remote Execution Contextdist/cli/index.js
MediumDynamic Requirebin/craftdriver.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/lib/clock.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings