AI Security Review
scanned 5h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package has lifecycle setup for a native CLI wrapper and default config in the user's 100xprompt namespace. This is agent/AI CLI extension lifecycle risk, but no confirmed malicious behavior is present in the inspected source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall and user-invoked 100xprompt CLI
Impact
Can modify package/user 100xprompt files and execute the platform binary when the CLI is run
Mechanism
package-owned CLI binary setup and config generation
Policy narrative
On install, postinstall.mjs locates the optional platform package binary, normalizes permissions, optionally ad-hoc signs it on macOS, links or copies it into this package's bin directory, and creates/merges a default 100xprompt config in the user's config directory. At runtime, bin/100xprompt.js resolves and spawns that platform binary with CLI arguments and inherited environment. Inspection found no exfiltration, remote code retrieval, or unconsented foreign AI-agent surface mutation.
Rationale
The lifecycle hook performs broad enough agent/CLI setup to warrant a warning, but its writes are package-aligned and there is no concrete malicious attack surface in the inspected source. Marking as warn rather than block fits package-owned extension lifecycle risk.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.jsbin/100xprompt~/.config/100xprompt/100xprompt.json~/.100xprompt/100xprompt.json
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: bun ./postinstall.mjs || node ./postinstall.mjs
- postinstall.mjs creates or updates user config under XDG_CONFIG_HOME/100xprompt or ~/.100xprompt
- postinstall.mjs chmods, symlinks/copies, and on macOS codesigns a platform binary from optional @100xprompt packages
- bin/100xprompt.js spawns the resolved platform binary with inherited process.env
Evidence against
- No install-time network calls found; embedded proxy.100xprompt.com URL is a JSON schema value
- No credential harvesting, env enumeration, destructive behavior, persistence service, or foreign AI-agent control-surface writes found
- Lifecycle writes are package-aligned under 100xprompt config/binary paths
- Package contains only package.json, postinstall.mjs, and bin/100xprompt.js
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License