AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. An npm postinstall unconditionally mutates global Claude Code and Codex skill directories with package-controlled instructions. The installed skill is auto-invocable and can steer future agent browser actions; CLI startup can then self-update from npm.
Decision evidence
public snapshot- `package.json` executes `scripts/install-skill.js` via `postinstall`.
- `scripts/install-skill.js` copies package-controlled `SKILL.md` into `~/.claude/skills/ttj-skills-playwright/`.
- The same postinstall writes a Codex skill to `~/.agents/skills/ttj-skills-playwright/` and a home-directory flag.
- Installed `SKILL.md` enables automatic invocation and directs agents to route browser actions through this package.
- `dist/browser.js` checks `registry.npmjs.org` and runs `npm install -g ttj-skills-playwright@latest` during CLI startup when newer.
- No credential-file harvesting or external data-exfiltration path was found.
- CDP traffic is limited to `127.0.0.1`; registry access is package-update related.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/browser.jsView on unpkg