AI Security Review
scanned 4h ago · by lpm-firewall-aiInstall-time code fetches and installs a platform executable into the package vendor directory. The behavior is package-aligned but leaves remote binary trust dependent on the release/checksum source.
Static reason
One or more suspicious static signals were detected.; source closely matched a different package identity
Trigger
npm install postinstall, then user-invoked clipal CLI
Impact
Potential execution of downloaded native binary if release source or override URL is compromised; no confirmed malicious behavior in package source.
Mechanism
remote binary installer with checksum verification from same release source
Attack narrative
On installation, the package selects an OS/architecture-specific asset, downloads checksums.txt and the binary from the configured release base, verifies the binary hash against that checksum file, and copies it into vendor/. The CLI wrapper executes that vendor binary when the user runs clipal. The reviewed JavaScript does not exfiltrate data, persist outside the package, or modify agent control surfaces.
Rationale
This is not confirmed malware, but the install hook retrieves an executable payload at lifecycle time and trusts checksums fetched from the same remote base, including an environment-variable override. Treat as warn-level remote binary installer risk rather than publish-block malicious behavior.
Evidence
package.jsonscripts/postinstall.jsbin/clipal.jsREADME.mdvendor/clipalvendor/clipal.exeos.tmpdir()/clipal-npm-*
Network endpoints3
github.com/PAIArtCom/Clipal/releases/downloadclipal.paiart.comgithub.com/PAIArtCom/Clipal
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./scripts/postinstall.js
- scripts/postinstall.js downloads a platform binary during install
- checksums.txt and binary are both fetched from CLIPAL_NPM_BASE_URL or GitHub releases
- bin/clipal.js later spawns vendor/clipal with user args
Evidence against
- No credential, env, or filesystem harvesting found
- No AI-agent control-surface writes found
- Network host is package-aligned GitHub releases by default
- Downloaded binary is checked against checksums.txt before install
- Only package vendor path and temp dir are written
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/clipal.jsView file
•matchType = package_source_clone_identity_mismatch
matchedPackage = clipal@0.21.1
matchedPath = bin/clipal.js
matchedIdentity = npm:Y2xpcGFs:0.21.1
similarity = 1.000
shingleOverlap = 2
summary = source files closely matched a different published package identity
High
Package Source Clone Identity Mismatch
Package source closely matches a different published package identity; review for dependency-confusion or copied-code abuse.
bin/clipal.jsView on unpkgFindings
2 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPackage Source Clone Identity Mismatchbin/clipal.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings