AI Security Review
scanned 1d ago · by lpm-firewall-ai

The package uses an install hook to fetch a platform-specific native Discord channel executable into its own bin directory. The executable is not present in the package source, so its behavior cannot be fully inspected from the tarball.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; channel-discord CLI runs the fetched binary
Impact
Unpinned remote release binary can change the effective installed code outside the npm tarball, but no concrete malicious behavior is visible in the inspected source.
Mechanism
install-time remote native binary download and CLI wrapper execution
Attack narrative
On installation, install.js selects an OS/CPU-specific release asset, downloads it from github.com/deadraid/morphy-releases, verifies it against sha256sums.txt from the same release, chmods it on Unix, and stores it as bin/channel-discord or bin/channel-discord.exe. The package CLI then delegates to that binary. This is an opaque install-time native payload path, but inspection found no broader filesystem mutation, credential access, agent-control hijack, or other concrete malicious behavior in the JavaScript source.
Rationale
The package has a real unresolved supply-chain risk because installation retrieves executable code not included in the npm tarball, but the behavior is package-aligned and confined to its own CLI binary path. Static source inspection does not establish malicious intent or attack behavior, so warn rather than block.
Evidence
- package.json
- install.js
- bin/run.js
- bin/channel-discord
- bin/channel-discord.exe
Network endpoints (2)
- github.com/deadraid/morphy-releases/releases/download/v0.6.6/
- github.com/deadraid/morphy-releases/releases/download/v0.6.6/sha256sums.txt
Decision evidence
public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node install.js
- install.js downloads a platform native executable from GitHub releases at install time
- install.js verifies checksum from the same remote release source, not package-pinned local data
- bin/run.js executes the downloaded bin/channel-discord binary with user args
Evidence against
- No install-time writes outside package bin/ were found
- No credential, env, home-directory, or project-file harvesting in inspectable JS
- No AI-agent control-surface writes, persistence hooks, or destructive behavior found
- Network endpoint is package/repository-aligned GitHub release download
Behavioral surface
- ChildProcess, Crypto, Filesystem, Network
- Url Strings
- No License
Source & flagged code
2 flagged · package.json
- scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 2 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings
- Low: No License