AI Security Review
scanned 15h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The install trigger only re-signs the bundled package binary; runtime capabilities are an AI CLI's user-invoked network, subprocess, plugin, and LSP functionality.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; user runs 100xprompt CLI
Impact
No unconsented lifecycle mutation, credential exfiltration, or persistence confirmed.
Mechanism
native Bun CLI with app-aligned runtime features
Rationale
Static inspection shows a platform package for the 100xprompt CLI with a native binary and an install-time codesign repair step, but no lifecycle behavior that plants agent instructions, persists, harvests credentials, or exfiltrates data. Suspicious primitives in the bundle are consistent with a user-invoked AI/dev CLI and its own app namespace.
Evidence
package.jsonbin/100xpromptbin/index.js.mapbin/worker.js.mapbin/parser.worker.js.map~/.local/share/100xprompt/auth.json~/.local/share/100xprompt/plugins~/.config/100xprompt/100xprompt.json.100xprompt/command.100xprompt/agent.100xprompt/tool.100xprompt/plugin
Network endpoints6
100xprompt.com/installformulae.brew.sh/api/formula/100xprompt.jsonregistry.npmjs.orgapi.github.com/repos/nipurn123/100xprompt/releases/latestmodels.dev/api.jsonxprompt-marketplace-yvqciwedwq-uc.a.run.app/marketplace.json
Decision evidence
public snapshotAI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
- Ships large native Mach-O executable at bin/100xprompt.
- package.json postinstall runs codesign on ./bin/100xprompt.
- Bundled CLI source can spawn user-invoked tools/processes for LSP, tmux/iTerm, swarm, and upgrades.
Evidence against
- Postinstall only removes/reapplies ad-hoc signature on package binary and ignores failure.
- No install-time writes to Claude/Codex/Cursor/MCP or other foreign agent control surfaces found.
- Network URLs in source maps are package-aligned update/model/API/marketplace or user-invoked tool download endpoints.
- Auth data is stored under 100xprompt app data auth.json with chmod 0600; no exfiltration pattern found.
- Plugin/agent files are under .100xprompt or app-owned 100xprompt data paths, not broad foreign surfaces.
Behavioral surface
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = codesign --remove-signature ./bin/100xprompt || true; codesign --sign - --force --preserve-metadata=entitlements,requirements,flags,runtime ./bin/100xprompt || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/100xpromptView file
•path = bin/100xprompt
kind = native_binary
sizeBytes = 118274128
magicHex = [redacted]
Medium
Findings
1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/100xprompt
LowScripts Present
LowNo License