AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are aligned with a browser QA CLI: Chromium installation, browser automation, local config/trace writes, and API calls for user-requested tests.
Decision evidence
public snapshot- package.json has postinstall lifecycle: node scripts/postinstall.js
- scripts/postinstall.js spawns bundled playwright-core CLI to install Chromium
- CLI can write project .env/.tester-h files during explicit login/init/record/replay flows
- Runtime sends user-invoked QA/model requests to H Company, Xray/Jira, and npm registry update-check endpoints
- postinstall uses process.execPath argv array for bundled playwright-core install chromium, with dry-run/lockfile/skip guards
- No install/import-time credential harvesting or arbitrary shell execution found
- Auth writes preserve HAI_API_KEY locally in project .env with chmod 0600 and gitignore guard
- Network hosts are fixed/package-aligned or user-configured QA targets, not covert exfiltration endpoints
- Agent/MCP behavior is documented CLI functionality and user-invoked
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references weak cryptographic algorithms.
dist/visualize/project.jsView on unpkg · L32This package version adds a dangerous source file absent from the previous stored version.
dist/index.jsView on unpkg