AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Install-time code modifies global Claude Code and Codex agent skill directories without user invocation. The dropped instruction file grants broad tools and instructs agents to route browser work through this package.
Decision evidence
public snapshot- package.json runs postinstall.
- scripts/install-skill.js writes ~/.claude/skills/ttj-skills-browser/SKILL.md.
- scripts/install-skill.js writes ~/.agents/skills/ttj-skills-browser/SKILL.md.
- The installed skill grants Bash, Read, Write and directs agent browser work through this package.
- dist/browser.js auto-updates via npm install -g when the CLI runs.
- No credential harvesting or external exfiltration found.
- Network use is npm registry version checking and user-directed browser navigation.
- CDP connects only to 127.0.0.1.
- Shell execution is used for Chrome/process discovery and package self-update.
Source & flagged code
5 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/browser.jsView on unpkg