AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code modifies its own platform binary and creates package-owned configuration under the user home directory. No source-confirmed exfiltration or remote payload retrieval is present.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; runtime CLI invocation
Impact
Alters local package/config state and weakens macOS provenance checks for the installed binary; opaque optional binary behavior is outside the inspected source.
Mechanism
platform-binary preparation, macOS ad-hoc signing, and first-party config initialization
Rationale
The install hook has real, unsolicited local mutation and macOS signature-bypass behavior, but the inspected source does not establish malicious payload delivery, exfiltration, persistence outside its own config, or a foreign AI-agent takeover.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.jsbin/100xprompt~/.config/100xprompt/100xprompt.json~/.100xprompt/100xprompt.json/dev/tty
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `postinstall.mjs` on install.
- `postinstall.mjs` modifies a platform binary: chmod, symlink/copy, and macOS signature removal/ad-hoc signing.
- `postinstall.mjs` creates or merges `~/.config/100xprompt/100xprompt.json` or `~/.100xprompt/100xprompt.json` without a user command.
- Postinstall writes directly to `/dev/tty`, bypassing npm's usual output capture.
Evidence against
- No HTTP client, socket, download, or credential-harvesting code appears in the inspected sources.
- The only URL is a config `$schema`; source does not request it.
- The launcher only resolves an optional platform package and spawns its binary with inherited stdio.
- No eval, dynamic remote loading, broad agent-config writes, or destructive filesystem traversal was found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License