AI Security Review
scanned 13d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The risky behaviors are expected for a native CLI installer and user-invoked PostHog API/agent-helper commands.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install downloads the CLI binary; runtime posthog-cli commands contact PostHog or update AGENTS.md only when invoked
Impact
Installs and runs PostHog CLI; user-invoked commands may write AGENTS.md or call PostHog APIs with supplied credentials.
Mechanism
platform binary installer and documented PostHog CLI
Rationale
Static inspection shows an expected native CLI package: postinstall fetches a PostHog release artifact, and bundled API/agent features are documented and user-invoked with confirmation gates. I found no install-time credential harvesting, persistence, hidden exfiltration, reviewer manipulation, or unconsented AI-agent control-surface mutation.
Evidence
package.jsoninstall.jsrun-posthog-cli.jsbinary.jsbinary-install.jsREADME.mdlib/posthog-api-cli.mjsnode_modules/.bin_realAGENTS.md
Network endpoints2
github.com/PostHog/posthog/releases/download/posthog-cli/v0.7.34us.posthog.com
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json has postinstall: node ./install.js
- binary-install.js downloads platform archive and extracts it into node_modules/.bin_real
- binary-install.js uses spawnSync for tar/unzip/powershell and for running installed binary
- lib/posthog-api-cli.mjs has user-invoked agents-md install that writes AGENTS.md
Evidence against
- install.js only calls binary.install(false); no credential or project-file harvesting seen
- download URL is package-aligned GitHub release path for PostHog CLI v0.7.34
- run-posthog-cli.js only dispatches to the installed posthog-cli binary with inherited argv/stdio
- README documents PostHog auth env vars, dry-run behavior, and AGENTS.md installation as explicit CLI commands
- destructive API tools in bundled CLI require --confirm before call
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Oversized source lightweight scan
lib/posthog-api-cli.mjs4.73 MB file, sampled 256 KB
ChildProcessHighEntropyStringsUrlStringsprosemirror.net
Source & flagged code
4 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkglib/posthog-api-cli.mjsView file
•path = lib/posthog-api-cli.mjs
kind = oversized_source_file
sizeBytes = 4955910
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
lib/posthog-api-cli.mjsView on unpkg•path = lib/posthog-api-cli.mjs
kind = oversized_cli_entrypoint
sizeBytes = 4955910
magicHex = [redacted]
Medium
Oversized Cli Entrypoint
Package contains an oversized executable-looking CLI entrypoint.
lib/posthog-api-cli.mjsView on unpkgFindings
2 High5 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filelib/posthog-api-cli.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointlib/posthog-api-cli.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings