AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM blocks this version under the AI-agent control-surface policy. Installing the package mutates global Claude Code and Codex skill directories without an explicit setup command. The dropped skill is auto-invocable and grants an agent broad local tools.
Decision evidence
public snapshot- `package.json` runs `node scripts/install-skill.js` in `postinstall`.
- `scripts/install-skill.js` writes package-supplied `SKILL.md` into `~/.claude/skills/ttj-skills-playwright` and `~/.agents/skills/ttj-skills-playwright`.
- The installed skill enables model invocation, broad auto-invoke keywords, and `Bash, Read, Write` tools.
- The postinstall also creates `~/.ttj-skills-playwright-installed` without a user command.
- `dist/browser.js` contains runtime self-update logic that invokes global npm installation.
- No credential harvesting or outbound exfiltration was found in inspected source.
- CDP browser control and page evaluation are exposed as explicit CLI functionality.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgSource gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/utils.jsView on unpkg · L5Install-time source drops package-supplied AI-agent/MCP control files or instructions.
scripts/install-skill.jsView on unpkg · L14This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/cli.jsView on unpkg