registry  /  @rein-industries/rein  /  0.1.9

@rein-industries/rein@0.1.9

Control your coding agents (Claude Code, Codex, Gemini, opencode, Grok) from your phone. Installs the rein bridge daemon.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package is a thin npm launcher that downloads a native bridge binary during postinstall or first CLI run. The reviewed source does not show a concrete malicious chain, but the package intentionally installs a local agent-control bridge executable.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, or running the rein CLI when vendor/rein is missing
Impact
Installs a package-owned bridge binary capable by product design of controlling local coding agents after user setup.
Mechanism
version-pinned native binary download, checksum verification, unpack, chmod, and later spawnSync execution
Rationale
Source inspection finds a package-aligned native bridge installer with checksum verification and no confirmed exfiltration, destructive behavior, stealth persistence, or foreign AI-agent control-surface mutation. Because it installs an opaque agent-control executable at lifecycle time, warn rather than mark malicious or fully clean.
Evidence
package.jsonscripts/postinstall.mjsbin/rein.jsREADME.mdvendor/vendor/rein-<platform>.tar.gzvendor/reinvendor/spawn-helpervendor/.rein-managed-by
Network endpoints3
github.com/rein-industries/rein/releases/download/v0.1.9/SHA256SUMSgithub.com/rein-industries/rein/releases/download/v0.1.9/rein-<platform>.tar.gzrein.build

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs downloads platform tarball from GitHub release and unpacks to vendor/
  • scripts/postinstall.mjs writes executable vendor/rein and vendor/spawn-helper then chmods them
  • bin/rein.js self-downloads missing binary and spawnSync executes vendor/rein on user command
  • README/package description says the bridge drives local coding-agent CLIs from a phone
Evidence against
  • Download URL is package-aligned: github.com/rein-industries/rein/releases for same package version
  • scripts/postinstall.mjs verifies tarball SHA256 against SHA256SUMS before unpacking
  • Install failure only warns; postinstall does not run the downloaded rein binary
  • No source evidence of credential harvesting, file exfiltration, destructive actions, persistence, or AI-agent config mutation
  • Writes are scoped to package vendor/ directory
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 5.92 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License