registry  /  @mflrevan/wipe  /  0.3.0

@mflrevan/wipe@0.3.0

wipe - CLI-first, git-native collaboration for humans and agents.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

The package has an install-time native binary downloader. The reviewed JS installs package-aligned release artifacts into its own package directory, but the downloaded executable payload is not present in the source package for static inspection.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall or first wipe CLI run if missing
Impact
Runs packaged native CLI binary after install/user CLI invocation; no confirmed malicious behavior in JS wrapper
Mechanism
platform-specific GitHub release binary download and archive extraction
Attack narrative
On install, npm runs install.js, which selects a platform artifact from package.json, downloads it from the package's GitHub release URL, writes it to a temp file, and extracts it into node_modules/.bin_real. The bin wrapper later spawns that installed binary with user arguments. The JS wrapper does not show credential theft, persistence, or agent-control hijacking, but it is a lifecycle-delivered native payload carrier.
Rationale
Source inspection finds a conventional but risky postinstall binary downloader with package-aligned endpoints and no concrete malicious JS behavior. Because the native executable is fetched during install and not available in the package source, warn rather than block.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-wipe.jsREADME.mdnode_modules/.bin_realos tmpdir artifact file
Network endpoints1
github.com/mflRevan/wipe/releases/download/v0.3.0

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node ./install.js
  • install.js calls binary.install(false) during npm install
  • binary.js builds a GitHub release artifact URL from artifactDownloadUrl and platform artifactName
  • binary-install.js downloads the artifact with axios and extracts it with tar/unzip
  • binary-install.js installs executable files under node_modules/.bin_real
Evidence against
  • No credential, env, or filesystem harvesting found in JS sources
  • No exfiltration endpoints beyond package-aligned GitHub release download
  • No eval/vm/Function or dynamic remote JS execution found
  • No AI-agent control-surface writes in install-time JS
  • README describes .claude/.agents skill installation as user-invoked CLI behavior
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 9.13 KB of source, external domains: example.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
binary-install.jsView file
2const { join, sep } = require("path"); L3: const { spawnSync } = require("child_process"); L4: const { tmpdir } = require("os");
High
Child Process

Package source references child process execution.

binary-install.jsView on unpkg · L2
92L93: return axios({ ...fetchOptions, url: this.url, responseType: "stream" }) L94: .then((res) => { ... L101: if (/\.tar\.*/.test(this.zipExt)) { L102: const result = spawnSync(process.platform === "win32" ? join(process.env.SystemRoot || "C:\\Windows", "System32", "tar.exe") : "tar", ["xf", tempFile, L103: // The tarballs are stored with a leading directory
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

binary-install.jsView on unpkg · L92

Findings

3 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbinary-install.js
HighSame File Env Network Executionbinary-install.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings