AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package has an install-time remote binary downloader. Source inspection does not show exfiltration or destructive behavior, but the downloaded executable is not verifiable from the package contents.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs apex CLI
Impact
Unpinned remote executable can change package behavior outside npm tarball review scope.
Mechanism
postinstall downloads and installs platform-specific native executable
Rationale
Static source inspection supports a warning for an unverified install-time remote executable, not a publish block for confirmed malware. The reviewed JS does not harvest credentials, mutate agent control surfaces, persist stealthily, or exfiltrate data.
Evidence
package.jsoninstall.jsapex.jsREADME.mdbin/apexbin/apex.exe
Network endpoints4
github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-linux-x64github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-darwin-arm64github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-darwin-x64github.com/Apex-Foundation/copilot/releases/download/v1.0.5/apex-windows-x64.exe
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads a platform executable from GitHub releases during install
- install.js writes bin/apex or bin/apex.exe and chmods it executable
- No checksum, signature, or pinned digest validation is present before execution by apex.js
Evidence against
- apex.js only delegates user-invoked CLI args to the downloaded package binary
- No source evidence of credential harvesting, destructive actions, persistence, or AI-agent config mutation
- No obfuscated JavaScript or prompt/reviewer manipulation found
- README describes a coding-agent CLI and optional user-configured Hindsight backend
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings