AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall mutates global Claude Code and Codex skill control surfaces without an explicit user command. The dropped skill can influence future AI-agent browser automation and arbitrary page evaluation.
Decision evidence
public snapshot- package.json: postinstall runs scripts/install-skill.js automatically.
- scripts/install-skill.js copies package SKILL.md into ~/.claude/skills/ttj-skills-playwright/SKILL.md.
- scripts/install-skill.js writes a transformed skill to ~/.agents/skills/ttj-skills-playwright/SKILL.md.
- scripts/install-skill.js creates ~/.ttj-skills-playwright-installed.
- The installed skill directs agents to auto-trigger browser commands and run eval.
- dist/browser.js auto-updates by executing npm install -g ttj-skills-playwright@latest.
- No credential harvesting or outbound exfiltration code was found.
- CDP connects only to 127.0.0.1 and browser actions are package-aligned.
- Registry access is limited to version checking for this package.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/browser.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkg