
100xprompt-cli@0.1.1

AI Security Review

scanned 18h ago · by lpm-firewall-ai

The package has install-time behavior, but it is limited to preparing its own platform binary and initializing package-owned configuration. Runtime delegates to a platform-specific @100xprompt native binary when the user invokes the CLI.

Static reason: One or more suspicious static signals were detected.
Trigger: npm postinstall and explicit 100xprompt CLI execution
Impact: No confirmed malicious behavior in inspected JavaScript; native optional packages are not present in this source root for deeper binary review.
Mechanism: platform binary wrapper plus package-owned config initialization
Rationale: Source inspection shows a conventional thin npm wrapper for platform-specific binaries with postinstall setup for executable bits, macOS ad-hoc signing, symlink/copy, and package-owned config defaults. The lifecycle hook is notable but does not mutate foreign agent control surfaces, persist broadly, harvest credentials, or perform network exfiltration in the inspected package source.
Evidence:
  • package.json
  • postinstall.mjs
  • bin/100xprompt.js
  • bin/100xprompt
  • bin/100xprompt.exe
  • $XDG_CONFIG_HOME/100xprompt/100xprompt.json
  • ~/.100xprompt/100xprompt.json

Decision evidence

public snapshot
AI called this Clean at 84.0% confidence as Benign with low false-positive risk.
Evidence for block
  • postinstall.mjs lifecycle creates or merges user home config at XDG_CONFIG_HOME/100xprompt/100xprompt.json or ~/.100xprompt/100xprompt.json.
  • postinstall.mjs chmods, symlinks/copies, and on macOS runs codesign against the package platform binary.
  • bin/100xprompt.js spawns an optional native platform binary with inherited environment on explicit CLI invocation.
Evidence against
  • No network request code found in package source; schema URL is only a config string.
  • No credential harvesting, env enumeration beyond pass-through spawn, or exfiltration logic in inspected JS.
  • No writes to foreign AI-agent control surfaces such as Claude/Codex/Cursor/MCP configs.
  • Lifecycle file mutations are package-aligned: own bin directory and 100xprompt config namespace.
  • Optional dependencies are scoped @100xprompt platform binary packages matching the CLI wrapper.
Behavioral surface
  • Source: ChildProcess, EnvironmentVars, Filesystem, Shell
  • Supply chain: UrlStrings
  • Manifest: NoLicense
scanned 2 file(s), 14.1 KB of source, external domains: proxy.100xprompt.com

Source & flagged code

2 flagged

High: Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
File: package.json
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs

Medium: Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
File: package.json
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs

Findings

1 High, 2 Medium, 4 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings
  • Low: No License