pire-browser@0.2.9

Cross-platform Pi extension and Firefox bridge for local browser automation

AI Security Review

scanned 3d ago · by lpm-firewall-ai

LPM blocks this version under the AI-agent control-surface policy. The package mutates Pi agent control-surface state from an npm lifecycle path. During postinstall it runs setup and may schedule a worker that edits Pi settings and removes legacy pire-browser registrations/shims.

Static reason
One or more suspicious static signals were detected; the diff against the previous stored version introduced dangerous source.
Trigger
npm install/postinstall in a Pi-managed install
Impact
Can alter the user's Pi package registrations and extension shim files outside the package during installation.
Mechanism
unconsented lifecycle Pi settings migration
Policy narrative
On install, package.json invokes scripts/pi-postinstall.mjs. That script runs bin/pire-browser.js setup and calls schedulePiPackageMigration. In a Pi-managed install, scripts/pi-install-migration.mjs starts a detached worker which waits for npm:pire-browser to appear, then rewrites Pi settings, removes legacy package sources, deletes a legacy extension shim, and renames managed legacy install directories. The behavior is framed as migration, but it is automatic lifecycle mutation of an AI agent/browser tool control surface.
Rationale
Source inspection confirms install-time mutation of Pi agent settings and extension registration files, which is an unconsented lifecycle change to an AI-agent control surface even though much of the browser automation functionality is package-aligned. No separate credential theft or exfiltration path was found. The product guard normalized the publish_block request, whose false-positive risk was not low, to a warn-only Suspicious verdict.
Evidence
package.json, scripts/pi-postinstall.mjs, bin/pire-browser.js, scripts/pi-install-migration.mjs, $PI_HOME/agent/settings.json, .pi/settings.json, extensions/pire-browser.ts
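Reproducing the narrative above as a check rather than taking the verdict on trust: the following is an added example, not pire-browser's code and not part of the scanner, that audits an unpacked package for install-time lifecycle hooks, follows the helper scripts those hooks spawn, and flags child-process use, detached workers, agent settings paths and destructive filesystem calls along the chain. It runs on constructed in-memory fixtures (a map of package-relative path to source) shaped like the chain this report describes: postinstall runs a setup CLI and schedules a detached migration worker that rewrites settings.json and unlinks a legacy shim. The signal names, the path patterns (settings.json, PI_HOME, .pi/) and the block/warn/pass policy are my own approximation of the control-surface policy, not LPM's implementation; the fixture package names and file contents are invented.

```javascript
// Added example, not pire-browser's code: audit an unpacked npm package for
// install-time lifecycle hooks whose script chain reaches an AI agent's
// settings/extension files. `files` maps package-relative path -> source text
// (runs offline; on a real tarball, fill it with fs.readFileSync).
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristic signals; names/patterns are mine, not the scanner's taxonomy. The
// path patterns are the ones this report's evidence list names.
const SIGNALS = {
  childProcess: /["']node:child_process["']|require\(\s*["']child_process["']\s*\)/,
  detachedWorker: /detached\s*:\s*true|\.unref\(\s*\)/,
  settingsPath: /settings\.json|PI_HOME|\.pi\//,
  destructiveFs: /\b(?:unlink|rm|rename)(?:Sync)?\s*\(/,
};

// "node scripts/x.mjs" -> "scripts/x.mjs"; any other command -> null.
function scriptTarget(command) {
  const m = /^\s*node(?:\s+--?[\w-]+(?:=\S+)?)*\s+(\S+\.[cm]?js)\b/.exec(command);
  return m ? m[1] : null;
}

// Package-relative helper scripts named as string literals in `source`,
// e.g. spawn(process.execPath, ["scripts/worker.mjs"], ...).
function referencedScripts(source) {
  const re = /["'`]((?:\.\/)?(?:scripts|bin|lib)\/[\w.\/-]+\.[cm]?js)["'`]/g;
  const out = new Set();
  for (let m; (m = re.exec(source)) !== null; ) out.add(m[1].replace(/^\.\//, ""));
  return [...out];
}

// Breadth-first walk from a lifecycle entry script through the helpers it
// names (each file once), collecting every signal that fires on the chain.
function followChain(files, entry) {
  const chain = [], signals = new Set(), seen = new Set(), queue = [entry];
  while (queue.length > 0) {
    const path = queue.shift();
    if (seen.has(path) || !(path in files)) continue;
    seen.add(path);
    chain.push(path);
    for (const [name, re] of Object.entries(SIGNALS)) if (re.test(files[path])) signals.add(name);
    queue.push(...referencedScripts(files[path]));
  }
  return { chain, signals: [...signals].sort() };
}

// Verdict policy (my approximation of a control-surface rule, not LPM's): any
// install hook is at least "warn"; a chain that can reach agent settings and
// also delete/rename files is "block".
function auditPackage(files) {
  const manifest = JSON.parse(files["package.json"]);
  const scripts = manifest.scripts || {};
  const lifecycle = [];
  for (const hook of LIFECYCLE_HOOKS) {
    if (!(hook in scripts)) continue;
    const target = scriptTarget(scripts[hook]);
    const { chain, signals } = target ? followChain(files, target) : { chain: [], signals: [] };
    lifecycle.push({ hook, command: scripts[hook], target, chain, signals });
  }
  const mutates = lifecycle.some(
    (e) => e.signals.includes("settingsPath") && e.signals.includes("destructiveFs"),
  );
  const verdict = lifecycle.length === 0 ? "pass" : mutates ? "block" : "warn";
  return { name: manifest.name, version: manifest.version, lifecycle, verdict };
}

// Constructed fixtures (not pire-browser's files). FIXTURE mirrors the chain
// this report describes: postinstall runs a setup CLI, then schedules a
// detached worker that rewrites settings.json and unlinks a legacy shim.
const FIXTURE = {
  "package.json": JSON.stringify({ name: "example-bridge", version: "0.0.1",
    scripts: { postinstall: "node scripts/postinstall.mjs", test: "node --test" } }),
  "scripts/postinstall.mjs": [
    'import { spawn, spawnSync } from "node:child_process";',
    'if (process.env.EXAMPLE_SKIP_POSTINSTALL === "1") process.exit(0);',
    'spawnSync(process.execPath, ["bin/cli.js", "setup"], { stdio: "inherit" });',
    'spawn(process.execPath, ["scripts/migration.mjs"], { detached: true, stdio: "ignore" }).unref();',
  ].join("\n"),
  "bin/cli.js": 'console.log("setup");',
  "scripts/migration.mjs": [
    'import { readFileSync, writeFileSync, unlinkSync } from "node:fs";',
    'const settings = `${process.env.PI_HOME}/agent/settings.json`;',
    'writeFileSync(settings, JSON.stringify(JSON.parse(readFileSync(settings, "utf8"))));',
    'unlinkSync(`${process.env.PI_HOME}/extensions/legacy-shim.ts`);',
  ].join("\n"),
};
// A native build step: install hook and child process, but no settings reach.
const WARN_FIXTURE = {
  "package.json": JSON.stringify({ name: "example-native", version: "2.0.0", scripts: { postinstall: "node scripts/build.mjs" } }),
  "scripts/build.mjs": 'import { spawnSync } from "node:child_process";\nspawnSync("make", [], { stdio: "inherit" });',
};
// No lifecycle hooks at all.
const CLEAN_FIXTURE = { "package.json": JSON.stringify({ name: "example-lib", version: "1.0.0", scripts: { build: "tsc" } }) };

for (const r of [FIXTURE, WARN_FIXTURE, CLEAN_FIXTURE].map(auditPackage)) {
  console.log(`${r.name}@${r.version}: ${r.verdict}`, r.lifecycle.map((e) => `${e.hook}: ${e.chain.join(" > ")} [${e.signals}]`));
}
```

On a real package, build the map by walking the output of npm pack plus tar xzf and feeding each file through the same functions. Whatever the audit says, the generic control when pulling an unfamiliar version is npm install --ignore-scripts; the PIRE_BROWSER_SKIP_POSTINSTALL=1 opt-out that the flagged postinstall source checks skips only this package's own script, and only when the installer knows to set it.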

Decision evidence

AI classified this as Suspicious at 86.0% confidence (category: Dangerous Capability; false-positive risk: medium).
Evidence for policy block
  • package.json defines postinstall: node scripts/pi-postinstall.mjs.
  • scripts/pi-postinstall.mjs runs bin/pire-browser.js setup during install.
  • scripts/pi-postinstall.mjs schedules scripts/pi-install-migration.mjs after install when Pi-managed.
  • scripts/pi-install-migration.mjs can rewrite settings.json, unlink legacy extension shim, and rename legacy managed install dirs.
  • The pi repair subcommand of bin/pire-browser.js writes repair reports under the user data directory and can mutate Pi settings on command.
Evidence against
  • Behavior is mostly package-aligned for a Firefox/Pi browser automation bridge.
  • No credential harvesting or arbitrary env/file exfiltration found in inspected JS/TS sources.
  • Network update check uses npm CLI at runtime and is disabled during postinstall setup.
  • child_process use launches native optional dependency, npm/pi update commands, or package helper scripts.
Behavioral surface
Source: ChildProcess, EnvironmentVars, Eval, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: no manifest risk signals triggered.
scanned 11 file(s), 571 KB of source, external domains: example.com, github.com

Source & flagged code

5 flagged
package.json
scripts.postinstall = node scripts/pi-postinstall.mjs
High · Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.
extension/dist/background.js
line 21: patternName = generic_password, severity = medium, matchedText = password...rd',
Medium · Secret Pattern

Package contains a possible secret pattern.
bin/pire-browser.js
matchType = previous_version_dangerous_delta, matchedPackage = pire-browser@0.2.8, matchedIdentity = npm:cGlyZS1icm93c2Vy:0.2.8, similarity = 0.900
summary: stored previous version shares package body but lacks this dangerous source file
Critical · Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.
bin/pire-browser.js
  1: #!/usr/bin/env node
  2: import { spawn, spawnSync } from "node:child_process";
  3: import {
High · Child Process

Package source references child process execution.
scripts/pi-postinstall.mjs
Cross-file remote execution chain: scripts/pi-postinstall.mjs spawns extension/dist/background.js; helper contains network access plus dynamic code execution.
  2: import { dirname, join } from "node:path";
  3: import { spawnSync } from "node:child_process";
  4: import { fileURLToPath } from "node:url";
  ...
  9: if (process.env.PIRE_BROWSER_SKIP_POSTINSTALL === "1") {
  10:   process.exit(0);
High · Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

Findings

1 Critical · 4 High · 4 Medium · 5 Low
Critical · Previous Version Dangerous Delta · bin/pire-browser.js
High · Install Time Lifecycle Scripts · package.json
High · Child Process · bin/pire-browser.js
High · Shell
High · Cross File Remote Execution Context · scripts/pi-postinstall.mjs
Medium · Secret Pattern · extension/dist/background.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Eval
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings