registry  /  @100xprompt/cli-darwin-x64-baseline  /  0.1.1

@100xprompt/cli-darwin-x64-baseline@0.1.1

AI Security Review

scanned 18h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The install hook only re-signs the packaged binary, while broader agent and network capabilities appear runtime/user-invoked and product-aligned.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; runtime features require invoking 100xprompt CLI
Impact
No confirmed unconsented persistence, exfiltration, or agent control hijack
Mechanism
native CLI binary with codesign postinstall
Rationale
Static inspection found a large native Bun-based agent CLI, but the lifecycle behavior is limited to local code signing of its own binary and no unconsented install-time mutation of foreign agent surfaces. The suspicious primitives are user-invoked/product-aligned runtime capabilities rather than concrete malware.
Evidence
package.jsonbin/100xpromptbin/index.js.map
Network endpoints7
100xprompt.comapi.100xprompt.aiproxy.100xprompt.commodels.devregistry.npmjs.orgapi.github.comxprompt-marketplace-yvqciwedwq-uc.a.run.app/marketplace.json

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json has postinstall lifecycle hook
  • Package ships native Mach-O x86_64 executable at bin/100xprompt
  • Runtime source map includes user-invoked agent, MCP, plugin, LSP, and process-spawn features
Evidence against
  • postinstall only runs codesign remove/sign commands on ./bin/100xprompt with || true
  • No install-time writes to Claude/Codex/Cursor/MCP config or other foreign agent control surfaces found
  • Source maps show network calls tied to package functions: updates, models, plugins, GitHub, MCP, LSP downloads
  • Runtime child process use is CLI-aligned for tmux/iTerm panes, editors, LSP installs, and swarm workers
  • No credential harvesting or exfiltration behavior found in inspected package files
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
Manifest
NoLicense
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/100xpromptView file
path = bin/100xprompt kind = native_binary sizeBytes = 118274128 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/100xpromptView on unpkg

Findings

1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/100xprompt
LowScripts Present
LowNo License