AI Security Review
scanned 4h ago · by lpm-firewall-ai
The package is a thin native-binary downloader/wrapper. Risk is install-time retrieval and execution of a package-aligned Slack channel binary, but no confirmed malicious behavior is present in the inspected source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user CLI invocation runs bin/run.js
Impact
Installs and later executes a native Slack adapter binary; source wrapper does not show data theft, persistence, or foreign agent-control mutation.
Mechanism
platform-specific GitHub release binary download with checksum verification and CLI delegation
Rationale
Static inspection shows an install-time binary downloader, which is risky and opaque, but the JS source is package-aligned, checksum-verifies the download, and does not mutate broad agent control surfaces or harvest/exfiltrate data. Because the actual native binary is not present for review, this is a dangerous package capability rather than confirmed malware.
Evidence
- package.json
- install.js
- bin/run.js
- bin/channel-slack
- bin/channel-slack.exe
Network endpoints (2)
- github.com/deadraid/morphy-releases/releases/download/v0.6.1/<binary>
- github.com/deadraid/morphy-releases/releases/download/v0.6.1/sha256sums.txt
Decision evidence
public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- postinstall downloads platform binary from GitHub release into bin/channel-slack
- install.js executes existing downloaded binary with --version during install/update check
- Runtime bin/run.js delegates all CLI args to downloaded native binary
Evidence against
- Only package files are package.json, install.js, bin/run.js, LICENSE; no bundled payload or agent config files
- Download URLs are fixed to github.com/deadraid/morphy-releases releases for this package version
- install.js verifies downloaded binary against sha256sums.txt from the same release before chmod
- No source writes to home/project AI-agent config, shell startup files, VCS hooks, or autostart paths
- No credential/env/file harvesting or exfiltration logic visible in JS wrapper
Behavioral surface
ChildProcess, Crypto, Filesystem, Network
UrlStrings
NoLicense
Source & flagged code
2 flagged
package.json
• scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High, 2 Medium, 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings
- Low: No License