registry  /  100xprompt-cli  /  0.1.22

100xprompt-cli@0.1.22

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time script performs first-party CLI setup and creates package-owned config in the user's home config directory. No confirmed malicious exfiltration or foreign AI-agent hijack was found.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; user runs 100xprompt CLI
Impact
Warn-level lifecycle risk from install-time user config mutation and platform binary execution path; no publish block evidence.
Mechanism
postinstall config creation plus native binary wrapper
Rationale
Source inspection shows first-party install-time setup for a CLI with package-owned config mutation, but no concrete malicious chain, exfiltration, remote payload fetch, or foreign/broad AI-agent control-surface hijack. This fits a warn-level lifecycle risk rather than a block.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.js$XDG_CONFIG_HOME/100xprompt/100xprompt.json~/.100xprompt/100xprompt.jsonbin/100xpromptbin/100xprompt.exe
Network endpoints1
proxy.100xprompt.com/config.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: bun/node postinstall.mjs
  • postinstall.mjs writes or merges user config at $XDG_CONFIG_HOME/100xprompt/100xprompt.json or ~/.100xprompt/100xprompt.json
  • postinstall.mjs chmods, symlinks/copies platform binary and macOS codesigns it
  • bin/100xprompt.js spawns platform optionalDependency binary with inherited env
Evidence against
  • No fetch/http/socket code or exfiltration endpoint found
  • Only network string is schema URL https://proxy.100xprompt.com/config.json
  • No credential harvesting, destructive commands, eval/vm/Function, or persistence outside package-owned config
  • Runtime wrapper only resolves @100xprompt platform packages and forwards CLI args
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 14.1 KB of source, external domains: proxy.100xprompt.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License