AI Security Review
scanned 10h ago · by lpm-firewall-aiInstall-time code fetches and extracts a remote native payload from a rolling GitHub nightly release. The fetched checksum does not provide an independent trust anchor, and the payload executes when the CLI is invoked.
Static reason
One or more suspicious static signals were detected.
Trigger
npm installation runs `postinstall`; invoking `hallouminate` runs the extracted binary.
Impact
A compromised or replaced nightly release asset could supply code executed by package users.
Mechanism
mutable remote binary download, checksum-by-same-source, extraction, and runtime execution
Rationale
No concrete theft, persistence, destructive action, or AI-agent control-surface mutation appears in the JavaScript source. The install hook nevertheless stages a mutable remote executable whose integrity check is not independently anchored.
Evidence
package.jsoninstall.jsrun.jsbin/hallouminate
Network endpoints2
github.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-${target}.tar.xzgithub.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-${target}.tar.xz.sha256
Decision evidence
public snapshotAI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node install.js` as `postinstall`.
- `install.js` downloads a mutable `nightly` archive during installation.
- Checksum is fetched from the same mutable release location as the archive.
- `install.js` extracts the downloaded archive into `bin/` with `tar`.
- `run.js` executes the downloaded `bin/hallouminate` binary.
Evidence against
- No credential, environment, or local-file harvesting is present.
- No exfiltration, eval, shell string execution, or agent-config writes are present.
- Downloads require HTTPS and the archive hash is checked before extraction.
- Child-process arguments are fixed rather than user-controlled shell input.
Behavioral surface
ChildProcessCryptoFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings