AI Security Review
scanned 1d ago · by lpm-firewall-aiThe package installs a remote platform-specific native binary from a fixed GitHub nightly release. The JavaScript wrapper later executes that binary when the tilth CLI is invoked, but no direct malicious JS behavior was found.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking tilth runs the installed binary
Impact
Unverified remote binary supply-chain risk; behavior of downloaded binary is outside inspected package source
Mechanism
install-time remote native binary download and CLI wrapper execution
Rationale
Static inspection confirms an install-time remote binary fetch without integrity verification, so this should warn as a staged payload carrier. The endpoint is package-aligned and the JS source shows no concrete malicious behavior, so publish blocking is not supported.
Evidence
package.jsoninstall.jsrun.jsbin/bin/tilthbin/tilth.exebin/tilth.zip
Network endpoints2
github.com/paulnsorensen/tilth/releases/download/nightly/tilth-${target}.${ext}github.com/paulnsorensen/tilth
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads a platform binary from GitHub nightly release during install
- install.js extracts downloaded archive into package bin/ and chmods the binary
- run.js executes the installed native binary via execFileSync when tilth CLI is invoked
- No checksum/signature verification is present for the downloaded binary
Evidence against
- Network endpoint is package-aligned with repository github.com/paulnsorensen/tilth
- No credential, env, or filesystem harvesting found in JS wrapper files
- No AI-agent config/control-surface writes found
- No obfuscated strings, eval/vm/Function, or dynamic require/import found
- No install-time execution of the downloaded tilth binary found
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings