AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time script performs first-party CLI setup and creates package-owned config in the user's home config directory. No confirmed malicious exfiltration or foreign AI-agent hijack was found.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; user runs 100xprompt CLI
Impact
Warn-level lifecycle risk from install-time user config mutation and platform binary execution path; no publish block evidence.
Mechanism
postinstall config creation plus native binary wrapper
Rationale
Source inspection shows first-party install-time setup for a CLI with package-owned config mutation, but no concrete malicious chain, exfiltration, remote payload fetch, or foreign/broad AI-agent control-surface hijack. This fits a warn-level lifecycle risk rather than a block.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.js$XDG_CONFIG_HOME/100xprompt/100xprompt.json~/.100xprompt/100xprompt.jsonbin/100xpromptbin/100xprompt.exe
Network endpoints1
proxy.100xprompt.com/config.json
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: bun/node postinstall.mjs
- postinstall.mjs writes or merges user config at $XDG_CONFIG_HOME/100xprompt/100xprompt.json or ~/.100xprompt/100xprompt.json
- postinstall.mjs chmods, symlinks/copies platform binary and macOS codesigns it
- bin/100xprompt.js spawns platform optionalDependency binary with inherited env
Evidence against
- No fetch/http/socket code or exfiltration endpoint found
- Only network string is schema URL https://proxy.100xprompt.com/config.json
- No credential harvesting, destructive commands, eval/vm/Function, or persistence outside package-owned config
- Runtime wrapper only resolves @100xprompt platform packages and forwards CLI args
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License