AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time code downloads and extracts a release binary into `node_modules/.bin_real`; the CLI executes that binary on user invocation. No confirmed exfiltration or AI-agent control-surface mutation exists in the inspected JavaScript.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; later execution of `baton`
Impact
Remote release artifact executes as the installing user, without source-level integrity verification.
Mechanism
platform binary bootstrap from fixed GitHub release URL
Rationale
No malicious behavior is established in the shipped JavaScript, but install-time retrieval and execution of an unverified remote binary is a concrete unresolved supply-chain risk. The package's stated agent-integration functionality is not implemented by the inspected JavaScript.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-baton.jsREADME.mdnpm-shrinkwrap.jsonnode_modules/.bin_real
Network endpoints1
github.com/Kaseban/baton/releases/download/v0.4.0
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `postinstall` via `install.js`.
- `binary-install.js` downloads a platform binary, extracts it, then `run-baton.js` executes it.
- Downloaded archive has no checksum/signature verification in package source.
Evidence against
- `install.js` only calls the package-local binary installer.
- Download URL is fixed to the package's GitHub release path in `package.json`.
- Source reads only proxy environment variables; no harvesting of credentials, files, or agent configs is present.
- No eval, dynamic code loading, hidden persistence, or broad AI-agent config mutation appears in shipped JavaScript.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings