registry  /  @rein-industries/rein  /  0.1.0

@rein-industries/rein@0.1.0

Remote-control your local AI coding harnesses (Claude Code, Codex, opencode) from your phone. Installs the rein daemon.

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The package is a thin npm launcher/downloader for a native Rein daemon. Static JS does not show exfiltration or agent control-surface mutation, but install/runtime fetches an opaque binary payload from GitHub releases.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; rein CLI first run if vendor/rein is missing; rein CLI invocation
Impact
Unresolved risk is limited to the downloaded native binary, which is outside the inspected npm source; no confirmed malicious JS behavior found.
Mechanism
versioned remote binary download, checksum verification, tar extraction, and local binary execution
Rationale
Source inspection shows an install-time native binary downloader with package-aligned disclosure, but no concrete malicious JS behavior, exfiltration, persistence, destructive action, or unconsented mutation of foreign AI-agent control surfaces. Because the package installs an opaque remote binary whose integrity is not pinned inside the npm package, warn rather than block or mark clean.
Evidence
package.jsonscripts/postinstall.mjsbin/rein.jsREADME.mdvendor/vendor/reinvendor/spawn-helpervendor/.rein-managed-by
Network endpoints3
github.com/rein-industries/rein/releases/download/v<version>/SHA256SUMSgithub.com/rein-industries/rein/releases/download/v<version>/rein-<platform>.tar.gzrein.build

Decision evidence

public snapshot
AI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs downloads SHA256SUMS and rein-<platform>.tar.gz during postinstall
  • scripts/postinstall.mjs trusts checksum fetched from same release location, not a package-pinned hash
  • scripts/postinstall.mjs allows REINS_REPO, REINS_RELEASE_BASE, and REINS_VERSION environment overrides
  • bin/rein.js self-downloads missing vendor binary and spawnSync executes vendor/rein on user invocation
Evidence against
  • No credential, env, or filesystem harvesting found in package JS source
  • No AI-agent config files are written by package JS source
  • Downloaded binary is unpacked under package-owned vendor/ only
  • README and package description disclose prebuilt binary download and remote-control daemon purpose
  • postinstall catches download errors and does not fail npm install
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 5.92 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License