AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time code downloads an unauthenticated platform archive from a hard-coded IP address with TLS verification disabled. It extracts and stages a native executable plus agent-related assets for later execution through the package CLI.
Decision evidence
public snapshot- `package.json` runs `postinstall.mjs` automatically on install.
- `platform-bootstrap.mjs` downloads a versioned tgz from a hard-coded IP endpoint.
- The HTTPS request disables certificate validation with `rejectUnauthorized: false`.
- Downloaded archive has no checksum or signature verification before extraction.
- Postinstall installs the fetched binary into `node_modules` and links it as `bin/.onecode`.
- Bootstrap symlinks fetched `.opencode` and `.oneskills` assets into the package root.
- No credential harvesting, environment enumeration, or exfiltration appears in inspected source.
- No downloaded binary is executed during `postinstall`; the launcher executes it only when the user runs `onecode`.
- Source writes are scoped to this package directory and its platform package.
Source & flagged code
4 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
platform-bootstrap.mjsView on unpkgSource fingerprint signature matches a known malicious package signature; route for source-aware review.
platform-bootstrap.mjsView on unpkg