AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Installation only prepares the package-owned native executable for macOS execution.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm postinstall
Impact
Enables execution of the bundled package-owned binary; no foreign control-surface mutation confirmed.
Mechanism
chmod plus removal of macOS xattrs on `codem-core`
Rationale
Direct inspection shows a platform-binary package whose lifecycle hook modifies only its bundled executable. Xattr removal is risky packaging behavior but is not concrete malicious behavior or an AI-agent control-surface hijack.
Evidence
package.jsoncodem-coreLICENSE
Decision evidence
public snapshotAI called this Clean at 83.0% confidence as Benign with medium false-positive risk.
Evidence for block
- `package.json` runs a `postinstall` hook.
- The hook removes macOS quarantine and provenance xattrs from `codem-core`.
- `codem-core` is a bundled 10 MB native ARM64 executable.
Evidence against
- The hook only chmods and changes xattrs on its own `codem-core` path.
- Manifest code has no credential collection, network request, shell interpolation, or foreign-path write.
- Package contains only `package.json`, `LICENSE`, and the declared platform binary.
- Static binary strings show npm/plugin CLI functionality, but no concrete install-time exfiltration or persistence chain.
Behavioral surface
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "var f=require('path').join(__dirname,'codem-core'),fs=require('fs');try{fs.chmodSync(f,0o755)}catch(e){};if(process.platform==='darwin'){['com.apple.quarantine','com.apple...
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "var f=require('path').join(__dirname,'codem-core'),fs=require('fs');try{fs.chmodSync(f,0o755)}catch(e){};if(process.platform==='darwin'){['com.apple.quarantine','com.apple...
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgcodem-coreView file
•path = codem-core
kind = native_binary
sizeBytes = 10291360
magicHex = [redacted]
Medium
Findings
1 Critical1 High2 Medium2 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumShips Native Binarycodem-core
MediumStructural Risk Force Deep Review
LowScripts Present
LowNo License