AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package has powerful browser automation and install/setup behavior, but the inspected code keeps it aligned with pire-browser setup, Pi migration, and user-invoked commands.
Decision evidence
public snapshot
- package.json has postinstall: node scripts/pi-postinstall.mjs
- scripts/pi-postinstall.mjs spawns bin/pire-browser.js setup during install
- scripts/pi-install-migration.mjs can edit Pi settings and quarantine legacy pire-browser installs
- bin/pire-browser.js can spawn native binary and npm/pi update commands
- extension/dist/content.js supports user-commanded page eval
- Postinstall checks packaged files and runs package setup with update checks disabled
- Pi migration targets only known legacy pire-browser sources/shims and requires npm:pire-browser presence
- bin/pire-browser.js update apply is gated to explicit/global/Pi installs and skips local installs
- No credential/env harvesting or hardcoded exfiltration endpoint found
- Network/eval/cookie/storage capabilities match the purpose of a local Firefox automation tool
Source & flagged code
5 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Package contains a possible secret pattern. (extension/dist/background.js, line 21)
- This package version adds a dangerous source file absent from the previous stored version. (bin/pire-browser.js)
- Package source references child process execution. (bin/pire-browser.js, line 1)
- Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking. (scripts/pi-postinstall.mjs, line 2)