AI Security Review
scanned 4h ago · by lpm-firewall-aiThe package is a thin npm launcher/downloader for a native Rein daemon. Static JS does not show exfiltration or agent control-surface mutation, but install/runtime fetches an opaque binary payload from GitHub releases.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; rein CLI first run if vendor/rein is missing; rein CLI invocation
Impact
Unresolved risk is limited to the downloaded native binary, which is outside the inspected npm source; no confirmed malicious JS behavior found.
Mechanism
versioned remote binary download, checksum verification, tar extraction, and local binary execution
Rationale
Source inspection shows an install-time native binary downloader with package-aligned disclosure, but no concrete malicious JS behavior, exfiltration, persistence, destructive action, or unconsented mutation of foreign AI-agent control surfaces. Because the package installs an opaque remote binary whose integrity is not pinned inside the npm package, warn rather than block or mark clean.
Evidence
package.jsonscripts/postinstall.mjsbin/rein.jsREADME.mdvendor/vendor/reinvendor/spawn-helpervendor/.rein-managed-by
Network endpoints3
github.com/rein-industries/rein/releases/download/v<version>/SHA256SUMSgithub.com/rein-industries/rein/releases/download/v<version>/rein-<platform>.tar.gzrein.build
Decision evidence
public snapshotAI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs downloads SHA256SUMS and rein-<platform>.tar.gz during postinstall
- scripts/postinstall.mjs trusts checksum fetched from same release location, not a package-pinned hash
- scripts/postinstall.mjs allows REINS_REPO, REINS_RELEASE_BASE, and REINS_VERSION environment overrides
- bin/rein.js self-downloads missing vendor binary and spawnSync executes vendor/rein on user invocation
Evidence against
- No credential, env, or filesystem harvesting found in package JS source
- No AI-agent config files are written by package JS source
- Downloaded binary is unpacked under package-owned vendor/ only
- README and package description disclose prebuilt binary download and remote-control daemon purpose
- postinstall catches download errors and does not fail npm install
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License