AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installation silently mutates global Claude Code and Codex skill directories with package-controlled instructions. Runtime also self-updates globally after a registry check.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/install-skill.js` copies bundled skill to `~/.claude/skills/ttj-skills-browser/SKILL.md`.
- The same postinstall writes to `~/.agents/skills/ttj-skills-browser/SKILL.md` and creates `~/.ttj-skills-browser-installed`.
- `dist/cli.js` invokes runtime auto-update before handling normal commands.
- `dist/browser.js` checks `registry.npmjs.org` then runs global `npm install -g ttj-skills-browser@latest` without consent.
- No source reads or transmits environment secrets, credentials, or SSH/cloud files.
- Observed network use is npm update checking and local CDP, not direct data exfiltration.
- Browser evaluation/navigation requires an explicit CLI command after installation.
Source & flagged code
7 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/browser.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg