AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. Install-time code copies this package's Erii configuration templates into the host project's `.conf/` and `conf/` directories. It may also create `.update-conf/` copies when those destinations already exist. No confirmed exfiltration or remote execution is present.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall
Impact
Modifies project-local configuration directories during installation.
Mechanism
local Erii configuration provisioning
Rationale
This is a first-party, package-aligned Erii configuration setup hook, not concrete malware. It remains a warning because it performs install-time project-local configuration writes.
Evidence
package.jsonpostinstall.jsconf/.env.localconf/application.conf.conf/setup.json.conf/copy.json.conf/conf/.update-conf/.conf/.update-conf/conf/
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Benign with medium false-positive risk.
Evidence for warning
- `package.json` runs `node postinstall.js` during installation.
- `postinstall.js` writes `.conf/` and `conf/` into its derived project root.
- Existing destinations cause full copies into `.update-conf/`.
Evidence against
- `postinstall.js` only uses synchronous local filesystem APIs; no network, shell, eval, or dynamic loading.
- `conf/.env.local` contains placeholder API-key values, not embedded credentials.
- Bundled JSON/HOCON files are Erii configuration templates; no foreign agent-control paths or payloads found.
Behavioral surface
EnvironmentVarsFilesystem
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgconf/.env.localView file
2patternName = blocked_file
severity = critical
matchedText = conf/.env.local
redactedSecretContext =
secretLikeLines = 8
L2: GOOGLE_API_KEY=<redacted:24 token-like>
L4: OPENAI_API_KEY=<redacted:24 token-like>
L5: ANTHROPIC_API_KEY=<redacted:27 token-like>
L6: OPENROUTER_API_KEY=<redacted:28 token-like>
L9: EMBEDDING_API_KEY=<redacted:33 token-like>
L12: SEARCH_API_KEY=<redacted:24 token-like>
L15: VISION_API_KEY=<redacted:24 token-like>
L18: NAPCAT_TOKEN=<redacted:17 value>
Critical
Findings
1 Critical1 High2 Medium2 Low
CriticalCritical Secretconf/.env.local
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem