AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Install-time behavior is limited to chmod on package-aligned executable files; runtime AI-agent capabilities require explicit CLI invocation.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall chmods package binaries; user runs linghun commands for runtime behavior
Impact
No unconsented lifecycle control-surface mutation or credential exfiltration identified
Mechanism
package-owned binary permission setup and user-invoked AI CLI
Rationale
Static inspection shows a legitimate CLI package with a lifecycle chmod helper for package-owned optional binaries and user-invoked AI/session/model commands. The suspicious primitives are package-aligned and no concrete install-time hijack, persistence, secret harvesting, or exfiltration behavior remains.
Evidence
package.jsonscripts/postinstall.cjsdist/main.jsbundled/codebase-memory/*/codebase-memory-mcpbundled/native-runner/*/linghun-native-runnerbundled/pre-engine/*/linghun-pre-engineoptional @linghun/* platform package bundled executables.linghun/settings.json read during model doctor when user-invoked
Decision evidence
public snapshotAI called this Clean at 89.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall lifecycle hook
- dist/main.js exposes user-invoked headless AI run mode with default autoApprove and full-access mode
Evidence against
- scripts/postinstall.cjs only chmods package-owned bundled executables and optional @linghun platform package executables
- No install-time writes to home/project AI-agent control surfaces such as MCP, Claude, Codex, or shell startup files
- dist/main.js CLI behavior is user-invoked: TUI, sessions, model diagnostics, prompt-file/stdin run
- API key handling in dist/main.js masks secrets in diagnostics and warns against project settings storage
- No fetch/http/child_process/eval/Function usage found in package source
- No hardcoded exfiltration endpoint found
Behavioral surface
CryptoEnvironmentVarsFilesystem
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem