
@100xprompt/cli-darwin-x64@0.1.2

AI Security Review

scanned 15h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The install trigger only re-signs the bundled package binary; runtime capabilities are an AI CLI's user-invoked network, subprocess, plugin, and LSP functionality.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; user runs 100xprompt CLI
Impact
No unconsented lifecycle mutation, credential exfiltration, or persistence confirmed.
Mechanism
native Bun CLI with app-aligned runtime features
Rationale
Static inspection shows a platform package for the 100xprompt CLI with a native binary and an install-time codesign repair step, but no lifecycle behavior that plants agent instructions, persists, harvests credentials, or exfiltrates data. Suspicious primitives in the bundle are consistent with a user-invoked AI/dev CLI and its own app namespace.
Evidence
  • package.json
  • bin/100xprompt
  • bin/index.js.map
  • bin/worker.js.map
  • bin/parser.worker.js.map
  • ~/.local/share/100xprompt/auth.json
  • ~/.local/share/100xprompt/plugins
  • ~/.config/100xprompt/100xprompt.json
  • .100xprompt/command
  • .100xprompt/agent
  • .100xprompt/tool
  • .100xprompt/plugin
Network endpoints (6)
  • 100xprompt.com/install
  • formulae.brew.sh/api/formula/100xprompt.json
  • registry.npmjs.org
  • api.github.com/repos/nipurn123/100xprompt/releases/latest
  • models.dev/api.json
  • xprompt-marketplace-yvqciwedwq-uc.a.run.app/marketplace.json

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Ships large native Mach-O executable at bin/100xprompt.
  • package.json postinstall runs codesign on ./bin/100xprompt.
  • Bundled CLI source can spawn user-invoked tools/processes for LSP, tmux/iTerm, swarm, and upgrades.
Evidence against
  • Postinstall only removes/reapplies ad-hoc signature on package binary and ignores failure.
  • No install-time writes to Claude/Codex/Cursor/MCP or other foreign agent control surfaces found.
  • Network URLs in source maps are package-aligned update/model/API/marketplace or user-invoked tool download endpoints.
  • Auth data is stored under 100xprompt app data auth.json with chmod 0600; no exfiltration pattern found.
  • Plugin/agent files are under .100xprompt or app-owned 100xprompt data paths, not broad foreign surfaces.
Behavioral surface
Source: No risky source behavior triggered.
Supply chain: No supply-chain packaging signals triggered.
Manifest
No License
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged
package.json
scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
bin/100xprompt
path = bin/100xprompt kind = native_binary sizeBytes = 118274128 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/100xprompt

Findings

1 High, 2 Medium, 2 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Ships Native Binary (bin/100xprompt)
  • Low: Scripts Present
  • Low: No License