AI Security Review
scanned 1d ago · by lpm-firewall-ai

Install-time code downloads an opaque native channel-discord binary into the package and later executes it via the CLI wrapper. Source inspection does not show exfiltration or persistence, but the shipped npm source delegates behavior to a remote release asset.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; later channel-discord CLI invocation
Impact
An unreviewed binary payload can run locally at install time or on CLI invocation; in the visible source it is bounded to the package's own bin path.
Mechanism
install-time remote native binary download and CLI execution wrapper
Attack narrative
On installation, install.js selects a platform-specific asset, downloads it from GitHub releases, verifies it against a checksum fetched from the same release, chmods it, and stores it under bin/channel-discord. The published JavaScript wrapper then executes that binary on CLI use. No source evidence shows credential theft, persistence, destructive behavior, or foreign AI-agent control-surface mutation.
Rationale
The package is not proven malicious by source inspection, but its lifecycle fetches and installs an opaque executable payload that is not present in the npm tarball, so the residual risk is real. The behavior appears package-aligned and bounded to its own bin path, making a warn verdict more appropriate than a publish block.
Evidence
- package.json
- install.js
- bin/run.js
- bin/channel-discord
- bin/channel-discord.exe
Network endpoints (2)
- github.com/deadraid/morphy-releases/releases/download/v0.6.2/<platform-binary>
- github.com/deadraid/morphy-releases/releases/download/v0.6.2/sha256sums.txt
Decision evidence
public snapshot: AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads platform binary from GitHub releases during install
- install.js fetches the checksum from the same release location as the binary, rather than verifying against an integrity value pinned in the published package
- bin/run.js execs downloaded bin/channel-discord with user args
Evidence against
- No code writes outside package bin directory
- No credential, env, home-dir, or project file harvesting found
- No AI-agent control-surface writes found
- Network use is limited to package release downloads
- Runtime wrapper only invokes package-aligned binary on user command
Behavioral surface
- ChildProcess
- Crypto
- Filesystem
- Network
- Url Strings
- No License
Source & flagged code
2 flagged · package.json

- scripts.postinstall = node install.js
  High · Install Time Lifecycle Scripts: Package defines install-time lifecycle scripts. (package.json)
- scripts.postinstall = node install.js
  Medium · Ambiguous Install Lifecycle Script: Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
Findings
1 High · 2 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings
- Low: No License