AI Security Review
scanned 8h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Installation automatically creates globally discoverable Claude Code and Codex skill files. CLI startup silently checks npm and may launch a detached global package update.
Decision evidence
public snapshot- `package.json` runs `postinstall` automatically.
- `scripts/install-skill.js` writes global Claude/Codex skill files under `~/.claude` and `~/.agents`.
- `.claude/skills/ttj-skills-playwright/SKILL.md` enables agent invocation with Bash, Read, and Write tools.
- `dist/browser.js` performs a detached global `npm install -g ...@latest` after registry checks.
- `dist/cdp.js` accepts user-supplied JavaScript for execution in a browser CDP target.
- Install script copies only this package's named skill and does not alter existing agent settings.
- Registry traffic is limited to `https://registry.npmjs.org/ttj-skills-playwright/latest` for version checks.
- No source evidence of credential harvesting, remote exfiltration, obfuscated payloads, or destructive filesystem behavior.
- Chrome/CDP control and page evaluation are documented CLI capabilities activated by user commands.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/utils.jsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/browser.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/browser.jsView on unpkg