registry  /  usrcp-extension  /  0.2.0

usrcp-extension@0.2.0

Chrome browser extension for capturing claude.ai conversations into the USRCP ledger

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky behavior is limited to install-time native dependency rebuild and explicit Chrome Native Messaging setup for the advertised USRCP extension.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install postinstall; user-invoked extension setup; Chrome native host runtime
Impact
May remove local dependency build directories during install and create user Chrome native-messaging/USRCP config files during setup; no unauthorized exfiltration observed.
Mechanism
local better-sqlite3 rebuild and native-messaging ledger bridge
Rationale
Static source inspection found install/setup/runtime primitives, but they are transparent and aligned with a Chrome extension that stores Claude conversation turns in a local USRCP ledger. I found no remote payload retrieval, credential theft, network exfiltration, hidden persistence, or unconsented AI-agent control mutation.
Evidence
package.jsondist/setup.jsdist/config.jsdist/manifest.jsondist/service-worker.jsdist/content-claude.jsnative-host/usrcp-bridge.cjsnode_modules/better-sqlite3/buildnode_modules/usrcp-local/node_modules/better-sqlite3/buildnode_modules/usrcp-stream/node_modules/better-sqlite3/build~/.usrcp/native-host/usrcp-extension-bridge.sh~/.usrcp/extension-config.json~/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.usrcp.bridge.json~/.config/google-chrome/NativeMessagingHosts/com.usrcp.bridge.json
Network endpoints1
claude.ai/*

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with high false-positive risk.
Evidence for block
  • package.json has postinstall deleting better-sqlite3 build dirs and running npm rebuild
  • dist/setup.js chmods native-host/usrcp-bridge.cjs and writes Chrome Native Messaging manifest
  • dist/config.js writes ~/.usrcp/native-host/usrcp-extension-bridge.sh and ~/.usrcp/extension-config.json
  • native-host/usrcp-bridge.cjs dynamically requires local usrcp-core ledger module
Evidence against
  • postinstall is scoped to local better-sqlite3 rebuild; no payload download or network call found
  • Extension permissions are limited to nativeMessaging/storage/scripting and https://claude.ai/*
  • Browser code captures claude.ai completion stream and passes it to local native host, matching package description
  • memory.search is constrained by configured allowed_domains; no external exfiltration endpoint found
  • No eval/Function, destructive traversal, credential harvesting, or AI-agent control-surface writes found
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 37.1 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-local/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream...
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-local/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream...
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
native-host/usrcp-bridge.cjsView file
36L37: const path = require("node:path"); L38: const fs = require("node:fs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

native-host/usrcp-bridge.cjsView on unpkg · L36

Findings

1 Critical1 High3 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirenative-host/usrcp-bridge.cjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings