AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Installation automatically mutates global Claude Code and Codex skill directories with package-supplied instructions. The installed CLI can launch a dedicated Chrome profile and run supplied JavaScript in its active page; no source-confirmed exfiltration chain was found.
Decision evidence
public snapshot- `postinstall` executes `scripts/install-skill.js`.
- Installer copies package skill into `~/.claude/skills/ttj-skills-browser/SKILL.md`.
- Installer writes converted skill to `~/.agents/skills/ttj-skills-browser/SKILL.md`.
- Installed skill directs agents to invoke browser control commands and the CLI can evaluate user-supplied page JavaScript.
- Runtime auto-update queries `https://registry.npmjs.org/ttj-browser/latest` and can globally install the package.
- AI-agent writes are confined to package-owned `ttj-skills-browser` skill directories.
- No credential, environment, or arbitrary-file harvesting is present.
- No outbound exfiltration endpoint or remote payload execution was found.
- Browser eval, navigation, screenshots, and Chrome launch require explicit CLI or skill invocation.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14