AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Risky behavior is limited to install-time native dependency rebuild and explicit Chrome Native Messaging setup for the advertised USRCP extension.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install postinstall; user-invoked extension setup; Chrome native host runtime
Impact
May remove local dependency build directories during install and create user Chrome native-messaging/USRCP config files during setup; no unauthorized exfiltration observed.
Mechanism
local better-sqlite3 rebuild and native-messaging ledger bridge
Rationale
Static source inspection found install/setup/runtime primitives, but they are transparent and aligned with a Chrome extension that stores Claude conversation turns in a local USRCP ledger. I found no remote payload retrieval, credential theft, network exfiltration, hidden persistence, or unconsented AI-agent control mutation.
Evidence
package.jsondist/setup.jsdist/config.jsdist/manifest.jsondist/service-worker.jsdist/content-claude.jsnative-host/usrcp-bridge.cjsnode_modules/better-sqlite3/buildnode_modules/usrcp-local/node_modules/better-sqlite3/buildnode_modules/usrcp-stream/node_modules/better-sqlite3/build~/.usrcp/native-host/usrcp-extension-bridge.sh~/.usrcp/extension-config.json~/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.usrcp.bridge.json~/.config/google-chrome/NativeMessagingHosts/com.usrcp.bridge.json
Network endpoints1
claude.ai/*
Decision evidence
public snapshotAI called this Clean at 84.0% confidence as Benign with high false-positive risk.
Evidence for block
- package.json has postinstall deleting better-sqlite3 build dirs and running npm rebuild
- dist/setup.js chmods native-host/usrcp-bridge.cjs and writes Chrome Native Messaging manifest
- dist/config.js writes ~/.usrcp/native-host/usrcp-extension-bridge.sh and ~/.usrcp/extension-config.json
- native-host/usrcp-bridge.cjs dynamically requires local usrcp-core ledger module
Evidence against
- postinstall is scoped to local better-sqlite3 rebuild; no payload download or network call found
- Extension permissions are limited to nativeMessaging/storage/scripting and https://claude.ai/*
- Browser code captures claude.ai completion stream and passes it to local native host, matching package description
- memory.search is constrained by configured allowed_domains; no external exfiltration endpoint found
- No eval/Function, destructive traversal, credential harvesting, or AI-agent control-surface writes found
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-local/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream...
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-local/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream...
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgnative-host/usrcp-bridge.cjsView file
36L37: const path = require("node:path");
L38: const fs = require("node:fs");
Medium
Dynamic Require
Package source references dynamic require/import behavior.
native-host/usrcp-bridge.cjsView on unpkg · L36Findings
1 Critical1 High3 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirenative-host/usrcp-bridge.cjs
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings