registry  /  @100xprompt/cli-darwin-arm64  /  0.1.25

@100xprompt/cli-darwin-arm64@0.1.25

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user invocation of the CLI's MCP configuration feature; npm install triggers only codesigning.
Impact
Can alter project, local, or 100xprompt-owned MCP configuration when explicitly invoked.
Mechanism
User-invoked MCP configuration management
Rationale
No concrete malicious chain was found, but the bundled executable can mutate MCP configuration through an explicit CLI feature. Flag as a warning for agent-capability risk, not a publication block.
Evidence
package.jsonbin/100xprompt.mcp.json.mcp.local.json~/.config/100xprompt/.mcp.json
Network endpoints1
100xprompt.com/install

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/100xprompt` embeds MCP config handling for `.mcp.json` and `.mcp.local.json`.
  • Embedded help states MCP entries can be written to project `.mcp.json`, local `.mcp.local.json`, or `~/.config/100xprompt/.mcp.json`.
  • The bundled CLI includes process-spawn capability and runtime upgrade commands.
Evidence against
  • `package.json` postinstall only removes and ad-hoc-signs `./bin/100xprompt`; it contains no network or foreign agent-config mutation.
  • The package contains only `package.json` and the platform-native `bin/100xprompt` binary.
  • No embedded evidence established credential harvesting, exfiltration, destructive behavior, or stealth persistence.
  • Agent configuration behavior appears tied to an explicit CLI MCP feature, not npm install.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/100xpromptView file
path = bin/100xprompt kind = native_binary sizeBytes = 115515712 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/100xpromptView on unpkg

Findings

1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/100xprompt
LowScripts Present
LowNo License