AI Security Review
scanned 10d ago · by lpm-firewall-aiInstall-time code downloads a platform-specific prebuilt executable from the package's GitHub release and stores it under node_modules/.bin_real. This is a package-aligned binary installer, but the shipped source does not contain or verify the native payload.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; later wipe CLI invocation
Impact
Uninspected native executable is installed and can run with user privileges when the CLI is invoked; no confirmed malicious behavior in JS wrapper.
Mechanism
postinstall binary download and extraction
Attack narrative
During postinstall, install.js calls the package binary installer. The installer selects a platform artifact from package.json, downloads it from the GitHub release URL with axios, extracts it using tar or unzip into node_modules/.bin_real, and the wipe bin later spawnSyncs that executable. Static JS inspection found no exfiltration, persistence, agent control hijack, or credential access, but the native payload itself is not present for review.
Rationale
The suspicious behavior is a lifecycle-triggered remote native binary installer without payload verification, not concrete malware in the inspected source. Because the download is package-aligned and no credential theft, persistence, destructive action, or foreign AI-agent control mutation is present, this should warn rather than block.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-wipe.jsREADME.mdnode_modules/.bin_realtemporary archive under os.tmpdir()
Network endpoints2
github.com/mflRevan/wipe/releases/download/v0.1.1wipeboard.dev
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./install.js
- install.js calls binary.install(false) at install time
- binary.js builds GitHub release artifact URL from artifactDownloadUrl and supportedPlatforms
- binary-install.js downloads via axios and extracts tar/zip into node_modules/.bin_real
- run-wipe.js executes installed binary via spawnSync when wipe CLI is invoked
Evidence against
- No credential, env, home-directory, or source harvesting found in package JS
- No AI-agent control-surface writes such as MCP, Claude, Cursor, or Codex config found
- Network endpoint is package-aligned GitHub release URL
- No eval/vm/Function or dynamic remote JS execution found
- README documents npm install downloads a prebuilt binary
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings