AI Security Review
scanned 3h ago · by lpm-firewall-aiThe postinstall hook downloads an unsigned precompiled binary archive, extracts it under target/release, and marks it executable. The JavaScript API later executes files from that directory. No concrete malicious payload or exfiltration code is present in the inspected source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall on x64 when target/release is absent; later caller invokes run_rust().
Impact
A compromised or substituted release archive could execute attacker-controlled native code when the package is used.
Mechanism
Remote binary staging followed by local subprocess execution.
Rationale
The package is not conclusively malicious by source inspection, but its unverified postinstall native-binary download creates a real unresolved execution risk. Downgrade to warning rather than block because no credential theft, stealth persistence, agent-control mutation, or confirmed hostile behavior was found.
Evidence
package.jsondownloadBinariesOrCompileSource.jsindex.jsCargo.tomlsrc/ollama.rssrc/sjprovider.rstarget/releasebinaries.tar.gz
Network endpoints1
github.com/stjude/proteinpaint/releases/download/v2.197.0/rust-binaries-2.197.0-linux-x64.tar.gz
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json:13 runs a postinstall downloader when target/release is absent.
- downloadBinariesOrCompileSource.js:117 fetches a versioned GitHub tarball with no checksum/signature validation.
- downloadBinariesOrCompileSource.js:73 extracts the remote archive and :98 recursively marks it executable.
- index.js:28-35 later spawns a selected extracted binary.
Evidence against
- Only package-local GitHub release URL is hard-coded; no arbitrary host is sourced from input.
- No credential, home-directory, agent-config, or broad filesystem harvesting found.
- No existing binaries, hidden files, or symlinks are present in the extracted package.
- Rust HTTP client files are not referenced by any Cargo binary entrypoint.
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = if [ ! -d ./test ] & [ ! -d ./target/release ]; then node ./downloadBinariesOrCompileSource.js; fi
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = if [ ! -d ./test ] & [ ! -d ./target/release ]; then node ./downloadBinariesOrCompileSource.js; fi
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License