AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation downloads and executes opaque native binaries from a remote release host. Runtime also accepts staged binary replacements prepared by the downloaded executable. No source-confirmed credential theft or foreign AI-agent control-surface mutation was found.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` postinstall, then `aca` CLI invocation
Impact
A compromised or malicious release host can supply arbitrary native code despite the same-origin manifest hash check.
Mechanism
remote binary bootstrap, execution, and staged self-update
Rationale
The shipped source is a remote opaque-payload carrier with install-time execution and runtime self-update behavior. It does not itself show a concrete malicious chain, so this warrants a warning rather than a publish block.
Evidence
package.jsoninstall.cjscli-wrapper.cjsREADME.mdbin/acabin/aca.exebin/rgbin/rg.exebin/aca.vsixbin/.aca-bin-versionbin/.aca-pending-version
Network endpoints1
github.com/lokeshe09/aca-releases/releases/download/v0.0.35
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Unknown with low false-positive risk.
Evidence for warning
- `package.json` runs `node install.cjs` as `postinstall`.
- `install.cjs` downloads executable ACA and ripgrep payloads at install time.
- The SHA-256 manifest and payload are both fetched from the same remotely controlled release base.
- `cli-wrapper.cjs` executes the downloaded binary and applies its staged `.pending` updates.
- `install.cjs` also downloads `bin/aca.vsix`, an opaque IDE-extension payload.
Evidence against
- Reviewed JavaScript has no credential harvesting, environment enumeration, or exfiltration.
- Writes and renames are limited to the package-local `bin/` directory.
- No source-level writes to AI-agent configuration, shell profiles, VCS hooks, or user files were found.
- No `eval`, `vm`, dynamic JavaScript loading, or shell-string execution appears in shipped source.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License