AI Security Review
scanned 3d ago · by lpm-firewall-aiThe package installs and launches bundled native message-box/WebView executables. Its per-user binary copies are package-aligned runtime support, with no confirmed exfiltration or remote payload chain.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or an application/CLI call to show a message box
Impact
Creates package-owned user-bin executable copies and can render user-provided local or remote web content.
Mechanism
local native-binary provisioning and stdio-driven UI launch
Rationale
Static inspection shows a native cross-platform dialog/WebView package whose postinstall provisions bundled binaries outside node_modules to avoid locked-file upgrade issues. The persistence-like file operations are package-aligned and no concrete malicious behavior, remote payload execution, credential access, or exfiltration was found.
Evidence
package.jsonmsger-native/builder/postinstall.jsshower.jscli.jsindex.jsmsger-native/bin/msgernativemsger-native/bin/msgernative.exemsger-native/bin/msgernative-darwin-arm64msger-native/bin/msgernative-linux-aarch64
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- `msger-native/builder/postinstall.js` copies bundled native executables into a per-user bin directory during `postinstall`.
- `shower.js` provisions per-app executable copies/hardlinks and launches the native binary.
Evidence against
- `package.json` lifecycle hook runs only the local `msger-native/builder/postinstall.js`; no download or network code appears there.
- `postinstall.js` selects only packaged platform binaries, sets permissions, and removes its own stale copies.
- `shower.js` invokes the selected local native UI binary with JSON over stdio; no credential harvesting or exfiltration is present.
- Network-capable `-url`/`-htmlfrom` behavior is explicitly user-supplied CLI functionality, not install-time activity.
- No AI-agent configuration writes, shell payloads, dynamic remote imports, or foreign control-surface mutation were found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node msger-native/builder/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node msger-native/builder/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgmsger-native/bin/msgernative-darwin-arm64View file
•path = msger-native/bin/msgernative-darwin-arm64
kind = native_binary
sizeBytes = 5650704
magicHex = [redacted]
Medium
Ships Native Binary
Package ships native binary artifacts.
msger-native/bin/msgernative-darwin-arm64View on unpkgmsger-native/bin/msgernative.exe.WebView2/EBWebView/CertificateRevocation/6498.2025.9.4/crl-setView file
•path = msger-native/bin/msgernative.exe.[redacted].2025.9.4/crl-set
kind = high_entropy_blob
sizeBytes = 23123
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
msger-native/bin/msgernative.exe.WebView2/EBWebView/CertificateRevocation/6498.2025.9.4/crl-setView on unpkgFindings
2 High5 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
HighShips High Entropy Blobmsger-native/bin/msgernative.exe.WebView2/EBWebView/CertificateRevocation/6498.2025.9.4/crl-set
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Native Binarymsger-native/bin/msgernative-darwin-arm64
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings