AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. npm postinstall silently installs package-controlled agent instructions into global Claude Code and Codex skill directories. The installed skill can auto-invoke and directs agents to use its browser-control CLI.
Decision evidence
public snapshot- `package.json` runs `postinstall` on npm installation.
- `scripts/install-skill.js` copies package `SKILL.md` into `~/.claude/skills/ttj-skills-playwright/`.
- `scripts/install-skill.js` writes a converted skill into `~/.agents/skills/ttj-skills-playwright/`.
- `.claude/skills/ttj-skills-playwright/SKILL.md` enables broad auto-invocation and permits Bash, Read, and Write.
- The lifecycle script creates `~/.ttj-skills-playwright-installed` without user interaction.
- No credential harvesting or external data-exfiltration code was found.
- The only package network endpoint inspected is npm registry version checking.
- Browser/CDP automation is exposed as explicit CLI functionality, not an install-time payload.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/cli.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/browser.jsView on unpkg