AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The postinstall hook installs a package-owned AI-agent skill into global Claude Code and Codex skill directories. The installed skill can lead agents to operate an existing Chrome instance through the package CLI, including page-JavaScript evaluation.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/install-skill.js` writes package content to `~/.claude/skills/ttj-skills-playwright` and `~/.agents/skills/ttj-skills-playwright`.
- Installed skill instructs AI agents to invoke a CDP CLI and run generated automation code.
- `dist/cli.js` exposes user-invoked arbitrary page JavaScript through `eval`.
- Skill prescribes randomized delays for bot-detection avoidance.
- No credential or environment-value collection found.
- No exfiltration endpoint or remote payload download found.
- Registry request only checks this package's latest version at runtime.
- Browser/CDP control is activated by explicit CLI or skill invocation.
- Lifecycle write is limited to a package-named first-party skill and marker file.
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14