AI Security Review
scanned 2h ago · by lpm-firewall-aiReview flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Explicit user invocation of the CLI's MCP configuration feature; npm install triggers only codesigning.
Impact
Can alter project, local, or 100xprompt-owned MCP configuration when explicitly invoked.
Mechanism
User-invoked MCP configuration management
Rationale
No concrete malicious chain was found, but the bundled executable can mutate MCP configuration through an explicit CLI feature. Flag as a warning for agent-capability risk, not a publication block.
Evidence
package.jsonbin/100xprompt.mcp.json.mcp.local.json~/.config/100xprompt/.mcp.json
Network endpoints1
100xprompt.com/install
Decision evidence
public snapshotAI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `bin/100xprompt` embeds MCP config handling for `.mcp.json` and `.mcp.local.json`.
- Embedded help states MCP entries can be written to project `.mcp.json`, local `.mcp.local.json`, or `~/.config/100xprompt/.mcp.json`.
- The bundled CLI includes process-spawn capability and runtime upgrade commands.
Evidence against
- `package.json` postinstall only removes and ad-hoc-signs `./bin/100xprompt`; it contains no network or foreign agent-config mutation.
- The package contains only `package.json` and the platform-native `bin/100xprompt` binary.
- No embedded evidence established credential harvesting, exfiltration, destructive behavior, or stealth persistence.
- Agent configuration behavior appears tied to an explicit CLI MCP feature, not npm install.
Behavioral surface
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/100xpromptView file
•path = bin/100xprompt
kind = native_binary
sizeBytes = 115515712
magicHex = [redacted]
Medium
Findings
1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/100xprompt
LowScripts Present
LowNo License