AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time lifecycle code retrieves a mutable native payload and drops it into the package directory. The launcher executes that payload when the user invokes `hallouminate`; no direct source-level exfiltration or agent-control mutation is confirmed.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` runs `postinstall`; invoking `hallouminate` runs the extracted binary.
Impact
A compromise or replacement of the upstream nightly release assets can supply executable code to package users.
Mechanism
Remote nightly binary download, same-channel checksum verification, extraction, and launcher execution.
Rationale
The package contains a real install-time remote executable delivery chain with no independent pinned integrity source. The behavior may be intended for a nightly binary wrapper, but its mutable payload channel is unresolved security risk rather than confirmed malicious intent.
Evidence
package.jsoninstall.jsrun.jsbin/hallouminate
Network endpoints2
github.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-<target>.tar.xzgithub.com/paulnsorensen/hallouminate/releases/download/nightly/hallouminate-<target>.tar.xz.sha256
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `package.json` runs `node install.js` in `postinstall`.
- `install.js` downloads a rolling nightly archive during install.
- Checksum is downloaded from the same mutable release channel as the archive.
- `install.js` extracts a native executable to `bin/hallouminate`.
- `run.js` later spawns the downloaded executable with user arguments.
Evidence against
- Only `install.js`, `run.js`, and `package.json` are packaged.
- No credential, environment, or user-file harvesting is present.
- No AI-agent configuration, persistence, or destructive file mutation is present.
- Downloads are HTTPS-only with a timeout and archive hash comparison.
Behavioral surface
ChildProcessCryptoFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings