registry  /  100xprompt-cli  /  0.1.24

100xprompt-cli@0.1.24

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code modifies its own platform binary and creates package-owned configuration under the user home directory. No source-confirmed exfiltration or remote payload retrieval is present.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; runtime CLI invocation
Impact
Alters local package/config state and weakens macOS provenance checks for the installed binary; opaque optional binary behavior is outside the inspected source.
Mechanism
platform-binary preparation, macOS ad-hoc signing, and first-party config initialization
Rationale
The install hook has real, unsolicited local mutation and macOS signature-bypass behavior, but the inspected source does not establish malicious payload delivery, exfiltration, persistence outside its own config, or a foreign AI-agent takeover.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.jsbin/100xprompt~/.config/100xprompt/100xprompt.json~/.100xprompt/100xprompt.json/dev/tty

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall.mjs` on install.
  • `postinstall.mjs` modifies a platform binary: chmod, symlink/copy, and macOS signature removal/ad-hoc signing.
  • `postinstall.mjs` creates or merges `~/.config/100xprompt/100xprompt.json` or `~/.100xprompt/100xprompt.json` without a user command.
  • Postinstall writes directly to `/dev/tty`, bypassing npm's usual output capture.
Evidence against
  • No HTTP client, socket, download, or credential-harvesting code appears in the inspected sources.
  • The only URL is a config `$schema`; source does not request it.
  • The launcher only resolves an optional platform package and spawns its binary with inherited stdio.
  • No eval, dynamic remote loading, broad agent-config writes, or destructive filesystem traversal was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 14.1 KB of source, external domains: proxy.100xprompt.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License