AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall mutates two user-global AI-agent skill directories. It installs package-authored instructions that affect future Claude Code and Codex sessions without an explicit setup command.
Decision evidence
public snapshot- package.json runs postinstall: node scripts/install-skill.js.
- scripts/install-skill.js copies package SKILL.md into ~/.claude/skills/ttj-skills-browser.
- scripts/install-skill.js writes transformed content into ~/.agents/skills/ttj-skills-browser/SKILL.md.
- The postinstall also creates ~/.ttj-skills-browser-installed without user invocation.
- dist/cdp.js exposes arbitrary page JavaScript through the eval CLI command.
- No credential harvesting or exfiltration was found in inspected runtime modules.
- Registry access in dist/utils.js is a version-check request to registry.npmjs.org.
- CDP automation is activated by explicit CLI commands and connects only to 127.0.0.1.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/browser.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg