AI Security Review
scanned 1d ago · by lpm-firewall-ai
Install-time lifecycle code fetches a platform-specific native executable and installs it into the package bin directory. This creates unresolved risk because the runtime behavior is in a remote binary not present in the inspected source package.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs channel-discord
Impact
Potential execution of opaque downloaded code when the CLI is invoked; no confirmed malicious behavior in inspected source
Mechanism
install-time remote native binary download
Attack narrative
On install, package.json runs install.js, which selects a platform-specific executable name, downloads it from GitHub releases, verifies it against sha256sums.txt from the same release, writes it under bin/, and marks it executable. The CLI wrapper then executes that binary when the user runs channel-discord. The inspected JavaScript does not show exfiltration or persistence, but the main behavior is delegated to an opaque remote native binary outside the package contents.
Rationale
Static source inspection found no concrete malware or AI-agent control hijack, but the package relies on an install-time remote native binary download whose behavior cannot be verified from the package source. This warrants a warning rather than a publish block.
Evidence
- package.json
- install.js
- bin/run.js
- bin/channel-discord
- bin/channel-discord.exe
Network endpoints (2)
- github.com/deadraid/morphy-releases/releases/download/v0.6.5/
- github.com/deadraid/morphy-releases/releases/download/v0.6.5/sha256sums.txt
Decision evidence
Public snapshot: AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads platform-specific native executable from GitHub releases during install
- install.js writes downloaded binary to bin/channel-discord or bin/channel-discord.exe and chmods it executable
- bin/run.js invokes the installed native binary with user CLI arguments
- install.js verifies checksum, but checksum file is downloaded from the same release origin
Evidence against
- No source evidence of credential harvesting, env scanning, or data exfiltration
- No writes to AI-agent control surfaces, shell startup files, VCS hooks, or autostart locations
- Network endpoint is package-aligned GitHub release repository
- Downloaded binary is not executed during fresh install; runtime requires user invoking channel-discord
- No bundled obfuscated JavaScript or prompt/reviewer manipulation found
Behavioral surface
- ChildProcess
- Crypto
- Filesystem
- Network
- Url Strings
- No License
Source & flagged code
2 flagged
package.json
• scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json • scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 2 Medium · 4 Low
- High · Install Time Lifecycle Scripts · package.json
- Medium · Ambiguous Install Lifecycle Script · package.json
- Medium · Network
- Low · Scripts Present
- Low · Filesystem
- Low · Url Strings
- Low · No License