AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package uses a GoReleaser-style postinstall to fetch a checksummed platform binary, then user-invoked CLI execution spawns that binary.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; ghostable CLI invocation runs installed binary
Impact
Installs and runs the Ghostable CLI; no source-level exfiltration or destructive behavior found
Mechanism
checksummed release binary downloader and CLI shim
Rationale
Static inspection found install-time network and child_process behavior, but it is package-aligned binary installation with pinned checksums and no source evidence of harvesting, exfiltration, persistence, destructive actions, or reviewer/agent manipulation. The scanner hints are explained by the GoReleaser npm wrapper and the package's documented CLI purpose.
Evidence
package.jsoninstall.jsrun-ghostable.jslib.jsREADME.mdbin/ghostablebin/ghostable.exearchive-*/
Network endpoints6
github.com/ghostable-dev/beta/releases/download/v0.2.4/ghostable_0.2.4_npm_darwin_arm64.tar.gzgithub.com/ghostable-dev/beta/releases/download/v0.2.4/ghostable_0.2.4_npm_darwin_amd64.tar.gzgithub.com/ghostable-dev/beta/releases/download/v0.2.4/ghostable_0.2.4_npm_linux_arm64.tar.gzgithub.com/ghostable-dev/beta/releases/download/v0.2.4/ghostable_0.2.4_npm_linux_amd64.tar.gzgithub.com/ghostable-dev/beta/releases/download/v0.2.4/ghostable_0.2.4_npm_windows_arm64.tar.gzgithub.com/ghostable-dev/beta/releases/download/v0.2.4/ghostable_0.2.4_npm_windows_amd64.tar.gz
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node install.js
- lib.js downloads platform archive during install and extracts binary to bin/
- lib.js run() spawns bin/ghostable with user CLI args
Evidence against
- install.js only imports install() from lib.js
- package.json archive URLs are GitHub release assets for ghostable-dev/beta v0.2.4 with sha256 digests
- lib.js verifies archive checksum before extraction
- No credential/env harvesting, exfiltration POSTs, eval/vm/Function, persistence, or AI-agent control-surface writes found
- README.md describes this as a local-first environment/secrets management CLI, matching the binary installer behavior
Behavioral surface
ChildProcessCryptoFilesystemNetworkShell
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem