AI Security Review
scanned 10d ago · by lpm-firewall-aiThe package has an install-time native binary downloader. Source inspection did not show concrete malware, but the reviewed npm tarball does not contain the downloaded platform binary, leaving external release artifact behavior unresolved.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; later user invokes wipe CLI
Impact
Potential execution of unreviewed native code on user CLI invocation; no confirmed malicious behavior in packaged JS source
Mechanism
downloads and extracts platform-specific GitHub release artifact, then CLI spawns extracted binary
Attack narrative
On install, npm runs install.js, which resolves a platform artifact URL under the package's GitHub release, downloads it with axios, and extracts it into node_modules/.bin_real. The package bin wrapper later spawns that extracted native binary with user-supplied CLI arguments. The JS source does not show exfiltration, persistence, destructive behavior, or agent control hijack, but the native payload is not present for static inspection.
Rationale
This is not publish-blockable from inspected source because the lifecycle behavior is a package-aligned binary installer and there is no concrete malicious action. It remains suspicious because install-time retrieval of an uninspected native artifact creates staged-payload risk.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-wipe.jsREADME.mdnode_modules/.bin_realOS temp directory artifact file.wipe/
Network endpoints1
github.com/mflRevan/wipe/releases/download/v0.1.2
Decision evidence
public snapshotAI called this Suspicious at 76.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./install.js
- install.js invokes binary.install(false) during npm install
- binary.js builds release URL from artifactDownloadUrl and platform artifact
- binary-install.js downloads a stream with axios and extracts it using tar/unzip into node_modules/.bin_real
- run-wipe.js executes the installed native binary via spawnSync on user CLI invocation
Evidence against
- No source evidence of credential/env harvesting or exfiltration
- No AI-agent control-surface writes such as MCP, Claude, Codex, or Cursor config mutation
- Network use is limited in JS source to downloading package-aligned release artifacts
- No install-time execution of the downloaded binary; execution occurs via the wipe CLI
- README describes a git-native task board storing data under project .wipe/
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings