AI Security Review
scanned 2h ago · by lpm-firewall-ai
Install-time code can fetch an unverified platform binary tarball from a hardcoded IP endpoint with TLS certificate validation disabled. The downloaded payload is extracted and installed as the package CLI binary.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall lifecycle when platform package is missing
Impact
A remote server can supply executable code that becomes the onecode CLI without registry-published source or integrity protection.
Mechanism
install-time unverified remote binary download and staging
Attack narrative
During npm install, the postinstall script imports platform-bootstrap.mjs and ensures a platform binary exists. If not found locally, it constructs a tgz URL under a hardcoded IP host, downloads it with certificate verification disabled, extracts it with tar, chmods the binary, and links/copies it to bin/.onecode. That stages opaque executable code outside npm registry integrity guarantees.
Rationale
The source establishes a concrete install-time remote payload path with disabled TLS verification and no integrity check. Even without credential theft or immediate binary execution, this is a blockable staged executable payload carrier.
Evidence
- package.json
- postinstall.mjs
- platform-bootstrap.mjs
- bin/onecode
- bin/.onecode
- .platform-version
- .platform-bootstrap-work
- node_modules/onecode-linux-x64
- .opencode
- .oneskills
Network endpoints (1)
218.90.133.98:4443/onecode_tgz
Decision evidence
public snapshot
AI called this Malicious at 94.0% confidence as Malware with low false-positive risk.
Evidence for block
- package.json runs postinstall: node ./postinstall.mjs
- postinstall.mjs calls ensurePlatformBinary() during npm lifecycle
- platform-bootstrap.mjs downloads a platform tgz from https://218.90.133.98:4443/onecode_tgz when local binary is absent
- downloadFile() uses https.get with rejectUnauthorized:false and no integrity/signature verification
- downloaded tgz is extracted with execSync tar and linked/copied to bin/.onecode for later execution
Evidence against
- No credential/env/file harvesting logic found in inspected JS files
- No install-time execution of the downloaded onecode binary observed; execution occurs via the onecode bin wrapper
- Filesystem writes are mostly under the package root/node_modules, not user home or shell startup files
Behavioral surface
ChildProcess, EnvironmentVars, Filesystem, Network, Shell, UrlStrings
Source & flagged code
2 flagged
package.json
• scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 3 Medium · 3 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings