AI Security Review
scanned 18h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The install hook only re-signs the packaged binary, while broader agent and network capabilities appear runtime/user-invoked and product-aligned.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; runtime features require invoking 100xprompt CLI
Impact
No confirmed unconsented persistence, exfiltration, or agent control hijack
Mechanism
native CLI binary with codesign postinstall
Rationale
Static inspection found a large native Bun-based agent CLI, but the lifecycle behavior is limited to local code signing of its own binary and no unconsented install-time mutation of foreign agent surfaces. The suspicious primitives are user-invoked/product-aligned runtime capabilities rather than concrete malware.
Evidence
package.jsonbin/100xpromptbin/index.js.map
Network endpoints7
100xprompt.comapi.100xprompt.aiproxy.100xprompt.commodels.devregistry.npmjs.orgapi.github.comxprompt-marketplace-yvqciwedwq-uc.a.run.app/marketplace.json
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json has postinstall lifecycle hook
- Package ships native Mach-O x86_64 executable at bin/100xprompt
- Runtime source map includes user-invoked agent, MCP, plugin, LSP, and process-spawn features
Evidence against
- postinstall only runs codesign remove/sign commands on ./bin/100xprompt with || true
- No install-time writes to Claude/Codex/Cursor/MCP config or other foreign agent control surfaces found
- Source maps show network calls tied to package functions: updates, models, plugins, GitHub, MCP, LSP downloads
- Runtime child process use is CLI-aligned for tmux/iTerm panes, editors, LSP installs, and swarm workers
- No credential harvesting or exfiltration behavior found in inspected package files
Behavioral surface
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/100xpromptView file
•path = bin/100xprompt
kind = native_binary
sizeBytes = 118274128
magicHex = [redacted]
Medium
Findings
1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/100xprompt
LowScripts Present
LowNo License