registry  /  100xprompt-cli  /  0.1.26

100xprompt-cli@0.1.26

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code mutates package-owned binary setup and creates/updates package-owned user configuration. No credential harvesting, exfiltration, remote retrieval, or foreign AI-agent control-surface mutation is established.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; user invocation of `100xprompt`
Impact
Persistent package-owned configuration and local binary permission/signature changes at install time.
Mechanism
platform-binary setup plus first-party config initialization
Rationale
Source inspection does not establish malicious behavior, but unprompted postinstall mutation of first-party user configuration and binary signing warrants a warning under the lifecycle policy.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.js~/.config/100xprompt/100xprompt.json~/.100xprompt/100xprompt.json

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall.mjs` on install.
  • `postinstall.mjs` creates or merges `100xprompt` config under the user's home directory during install.
  • `postinstall.mjs` removes and ad-hoc re-signs the platform binary on macOS.
Evidence against
  • No HTTP client, shell execution, eval, or dynamic payload loading appears in inspected source.
  • The only child-process calls are fixed-argument macOS `codesign` invocations.
  • The runtime launcher only resolves a bundled platform binary and forwards user CLI arguments.
  • The config contains compaction defaults; the schema URL is stored but never fetched by this package.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 14.1 KB of source, external domains: proxy.100xprompt.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License