AI Security Review
scanned 3h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
No blocking static signals were detected.
Trigger
User runs `newton-browser --install codex` or `--install claude-desktop`; otherwise user runs the CLI.
Impact
A user-invoked install can cause compatible AI clients to launch this package later; runtime browser control is a declared package capability.
Mechanism
Explicit MCP client configuration mutation and localhost browser-control relay.
Rationale
This is not malicious: it has no npm lifecycle execution, remote payload path, or credential theft behavior. Warn because an explicit command mutates AI-agent client configuration and registers persistent future execution.
Evidence
package.jsonREADME.mddist/index.js~/.codex/config.tomlClaude/claude_desktop_config.json<config-dir>/newton-browser/pairing.json
Network endpoints2
127.0.0.1:${port}/doctor-status127.0.0.1:17321
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/index.js` implements explicit `--install` configuration updates for Codex and Claude Desktop.
- The install path writes MCP entries invoking `npx --yes --package newton-browser@0.4.0 newton-browser` and creates backups.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- Entrypoint runs only as the `newton-browser` CLI; no import-time side effects.
- `dist/index.js` uses only stdio and loopback `127.0.0.1` HTTP/WebSocket transport.
- No child-process execution, eval/vm, dynamic loading, or non-local network endpoint was found.
- Pairing secrets are generated locally with restrictive file modes; redaction code removes sensitive data from observations.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkWebSocket
UrlStrings
Source & flagged code
1 flagged · loading sourcedist/index.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/index.js` implements explicit `--install` configuration updates for Codex and Claude Desktop.
dist/index.jsView on unpkgFindings
4 Medium3 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowUrl Strings