AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface in the inspected source. Install-time behavior prepares the package's native binary and creates a package-owned default config; runtime CLI delegates to the platform binary optional dependency.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall and user-invoked 100xprompt CLI
Impact
No source evidence of exfiltration, persistence, destructive behavior, or AI-agent control hijack
Mechanism
package-aligned binary wrapper and config initialization
Rationale
The lifecycle script performs expected package setup and writes only package-owned configuration, while the CLI wrapper only launches the corresponding platform package binary. Suspicious primitives are package-aligned and there is no source evidence of credential theft, network exfiltration, persistence, or foreign agent-surface mutation.
Evidence
package.jsonpostinstall.mjsbin/100xprompt.js$XDG_CONFIG_HOME/100xprompt/100xprompt.json~/.100xprompt/100xprompt.jsonbin/100xpromptbin/100xprompt.exe
Network endpoints1
proxy.100xprompt.com/config.json
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json runs postinstall.mjs at install time
- postinstall.mjs writes or merges package-owned config under XDG_CONFIG_HOME/100xprompt or ~/.100xprompt
- postinstall.mjs chmods, symlinks/copies, and on macOS codesigns the package platform binary
- bin/100xprompt.js spawns the resolved @100xprompt platform binary with inherited env
Evidence against
- No credential harvesting or exfiltration code found
- No network calls found; only a config schema URL string is present
- No writes to foreign AI-agent control surfaces, shell startup, VCS hooks, or persistence locations
- Lifecycle changes are package-aligned: binary setup and own config namespace
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License