AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a kernel client SDK whose network behavior is runtime, user/config/schema-directed HTTP or WebSocket transport.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm preinstall attempts missing workspace check; runtime API calls may send requests when user constructs and uses a client
Impact
No credential harvesting, persistence, destructive action, or unsolicited control-surface mutation found
Mechanism
client transport library with inert missing preinstall helper
Rationale
Static inspection shows the scary lifecycle hook references a non-packaged helper inside a swallowed try/catch, while published dist code is a normal SDK transport layer activated by user calls. No concrete exfiltration, install-time mutation, payload execution, or AI-agent control-surface write was found.
Evidence
package.jsondist/index.jsdist/client/client.jsdist/transport/fetch.jsdist/transport/http-envelope.jsdist/transport/http-routed.jsdist/transport/ws-envelope.js
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines preinstall node -e require('./.check-workspace.cjs') catch{}
- Referenced .check-workspace.cjs is absent from package root, so preinstall does not run package code
Evidence against
- package.json files only publishes dist; no bin entries
- dist/index.js is re-export surface with no import-time side effects
- dist/transport/http-envelope.js and http-routed.js only fetch caller/schema-provided kernel URLs
- dist/transport/ws-envelope.js opens WebSocket only from constructed client URL at runtime
- rg found no fs/child_process/native/eval/agent-config mutation indicators in dist
Behavioral surface
FilesystemWebSocket
HighEntropyStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 Critical1 High1 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings