AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The package is a thin npm launcher that downloads a native bridge binary during postinstall or first CLI run. The reviewed source does not show a concrete malicious chain, but the package intentionally installs a local agent-control bridge executable.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, or running the rein CLI when vendor/rein is missing
Impact
Installs a package-owned bridge binary capable by product design of controlling local coding agents after user setup.
Mechanism
version-pinned native binary download, checksum verification, unpack, chmod, and later spawnSync execution
Rationale
Source inspection finds a package-aligned native bridge installer with checksum verification and no confirmed exfiltration, destructive behavior, stealth persistence, or foreign AI-agent control-surface mutation. Because it installs an opaque agent-control executable at lifecycle time, warn rather than mark malicious or fully clean.
Evidence
package.jsonscripts/postinstall.mjsbin/rein.jsREADME.mdvendor/vendor/rein-<platform>.tar.gzvendor/reinvendor/spawn-helpervendor/.rein-managed-by
Network endpoints3
github.com/rein-industries/rein/releases/download/v0.1.9/SHA256SUMSgithub.com/rein-industries/rein/releases/download/v0.1.9/rein-<platform>.tar.gzrein.build
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/postinstall.mjs downloads platform tarball from GitHub release and unpacks to vendor/
- scripts/postinstall.mjs writes executable vendor/rein and vendor/spawn-helper then chmods them
- bin/rein.js self-downloads missing binary and spawnSync executes vendor/rein on user command
- README/package description says the bridge drives local coding-agent CLIs from a phone
Evidence against
- Download URL is package-aligned: github.com/rein-industries/rein/releases for same package version
- scripts/postinstall.mjs verifies tarball SHA256 against SHA256SUMS before unpacking
- Install failure only warns; postinstall does not run the downloaded rein binary
- No source evidence of credential harvesting, file exfiltration, destructive actions, persistence, or AI-agent config mutation
- Writes are scoped to package vendor/ directory
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License