registry  /  tester-h  /  0.4.0

tester-h@0.4.0

tester-h — run an H QA agent against your web app from the command line.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The risky primitives are aligned with a browser QA CLI: Chromium installation, browser automation, local config/trace writes, and API calls for user-requested tests.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install for Chromium download; explicit CLI commands for network tests or local writes
Impact
Installs browser dependency and runs user-requested web QA sessions; no evidence of covert persistence, credential theft, or destructive behavior
Mechanism
package-aligned Playwright installer and QA automation CLI
Rationale
Static source inspection found lifecycle and network behavior, but it is transparent, documented, and necessary for a Playwright/H Company QA agent CLI. I found no covert exfiltration, destructive actions, unconsented AI-agent control-surface mutation, or staged payload carrier.
Evidence
package.jsonscripts/postinstall.jsdist/index.jsdist/auth.jsdist/paths.jsdist/regions.jsdist/holo/llm.jsdist/sessions-runner.jsdist/version-check.js<project>/.env<project>/.gitignore<project>/.tester-h/tester-h.yaml<project>/.tester-h/trajectories/*.json<project>/.tester-h/runs/*~/.tester-h/version-check.json
Network endpoints7
portal.hcompany.aiportal.eu.hcompany.aiagp.hcompany.aiagp.eu.hcompany.aiapi.hcompany.airegistry.npmjs.org/-/package/tester-h/dist-tagsxray.cloud.getxray.app

Decision evidence

public snapshot
AI called this Clean at 89.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json has postinstall lifecycle: node scripts/postinstall.js
  • scripts/postinstall.js spawns bundled playwright-core CLI to install Chromium
  • CLI can write project .env/.tester-h files during explicit login/init/record/replay flows
  • Runtime sends user-invoked QA/model requests to H Company, Xray/Jira, and npm registry update-check endpoints
Evidence against
  • postinstall uses process.execPath argv array for bundled playwright-core install chromium, with dry-run/lockfile/skip guards
  • No install/import-time credential harvesting or arbitrary shell execution found
  • Auth writes preserve HAI_API_KEY locally in project .env with chmod 0600 and gitignore guard
  • Network hosts are fixed/package-aligned or user-configured QA targets, not covert exfiltration endpoints
  • Agent/MCP behavior is documented CLI functionality and user-invoked
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 89 file(s), 776 KB of source, external domains: agp.eu.hcompany.ai, agp.hcompany.ai, api.hcompany.ai, app.example.com, example.com, id.atlassian.com, nodejs.org, portal.eu.hcompany.ai, portal.hcompany.ai, probe.invalid, registry.npmjs.org, staging.example.com, xray.cloud.getxray.app, your.atlassian.net

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/visualize/project.jsView file
32screenshots_dir: z.string().optional(), L33: stdout: z.string().optional(), L34: }) ... L51: if (input === '~') { L52: return homedir(); L53: } ... L147: try { L148: const raw = TrajectoryFileSchema.parse(JSON.parse(await readFile(file, 'utf-8'))); L149: const fileBase = basename(file, '.json');
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/visualize/project.jsView on unpkg · L32
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = tester-h@0.3.7 matchedIdentity = npm:dGVzdGVyLWg:0.3.7 similarity = 0.916 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/index.jsView on unpkg

Findings

1 Critical1 High4 Medium7 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/visualize/project.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License