AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The install hook is package-aligned setup assistance for Tailwind CSS tokens and imports, with no exfiltration or command execution.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; interactive terminal may prompt for setup paths
Impact
May create src/styles/tokens.css and optionally edit a chosen CSS file; no confirmed malicious impact
Mechanism
interactive CSS setup and React component library exports
Rationale
Static inspection shows suspicious lifecycle/file-write primitives, but they are package setup/dev-audit behavior with no credential harvesting, network exfiltration, shell execution, persistence, or AI-agent control mutation during install/import. The hard-coded Gemini report path is not lifecycle-reachable and does not carry executable instructions or secrets.
Evidence
package.jsonscripts/postinstall.cjsscripts/audit-showcase.tsdist/index.cjsdist/index.jsllms.txtREADME.mdsrc/styles/tokens.cssuser-supplied CSS path in consumer project/Users/y/.gemini/antigravity-ide/brain/b74152fa-bc73-4d65-9843-c65a49e0b5c5/showcase_coverage_report.md
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall lifecycle script
- scripts/postinstall.cjs can copy tokens.css and edit a user-supplied CSS file in interactive installs
- scripts/audit-showcase.ts contains a hard-coded write to /Users/y/.gemini/... but is not wired to lifecycle scripts
Evidence against
- postinstall has no network, child_process, credential access, or destructive operations
- non-interactive postinstall only prints setup instructions
- dist/index.cjs and dist/index.js are React UI component exports and dependency imports
- llms.txt contains usage guidance, not instructions to alter agent policy or exfiltrate data
- network strings are documentation/example links only
Behavioral surface
EnvironmentVarsFilesystem
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.cjs || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.cjs || true
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings