AI Security Review
scanned 2h ago · by lpm-firewall-ai
A global npm install triggers a postinstall lifecycle script that pipes a mutable remote shell installer from swirls.ai into bash. The script then replaces the package's bin stub with a binary that the remote installer placed in ~/.local/bin.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/install.js
- scripts/install.js runs execSync with shell: true on: curl -fsSL https://swirls.ai/install | bash (the installer is fetched at install time; nothing in the package pins its contents to a hash or version)
- after the remote script runs, postinstall copies ~/.local/bin/swirls into the package's bin/swirls
- bin/swirls tells users to run curl -fsSL https://swirls.ai/install | bash if postinstall was skipped
- scripts/install.js skips CI, Windows, and non-global installs
- No source evidence of credential harvesting, AI-agent control-surface writes, persistence hooks, or destructive file operations
- Network endpoint is package-aligned: swirls.ai
Source & flagged code
7 flagged · source viewed on unpkg
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source downloads or fetches remote code and executes it. (scripts/install.js, line 13)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (scripts/install.js, line 13)
- Package source references child process execution. (scripts/install.js, line 13)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (scripts/install.js, line 13)
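As an added example (not code from the swirls package or from lpm-firewall-ai), the Node.js checker below reproduces the kind of evidence listed under both "Decision evidence" and "Source & flagged code": it finds install-time lifecycle hooks in package.json, follows them to the source files they run, scans the bin entrypoints as well, and flags remote fetch-and-execute, child_process use, CI/platform/install-scope gating, copies out of the user's home directory, and bare remote URLs. The package.json, scripts/install.js and bin/swirls inputs are constructed from the review's description of the package, so their line numbers, and the rule names, belong to this example and not to the scanner or the real artifact.

```javascript
'use strict';

// Constructed inputs: a package.json and source files mirroring what the review
// describes (postinstall -> node scripts/install.js -> curl | bash -> copy
// ~/.local/bin/swirls into bin/). They are stand-ins, not the real package files.
const SAMPLE_PACKAGE_JSON = {
  name: 'swirls',
  bin: { swirls: 'bin/swirls' },
  scripts: { postinstall: 'node scripts/install.js' },
};

const SAMPLE_INSTALL_JS = [
  "const { execSync } = require('child_process');",
  "const fs = require('fs');",
  "const os = require('os');",
  "const path = require('path');",
  '// Skip CI, Windows, and non-global installs.',
  "if (process.env.CI || process.platform === 'win32' || process.env.npm_config_global !== 'true') {",
  '  process.exit(0);',
  '}',
  "execSync('curl -fsSL https://swirls.ai/install | bash', { shell: true, stdio: 'inherit' });",
  "fs.copyFileSync(path.join(os.homedir(), '.local', 'bin', 'swirls'), path.join(__dirname, '..', 'bin', 'swirls'));",
].join('\n');

const SAMPLE_BIN_SWIRLS = [
  '#!/usr/bin/env node',
  "console.error('swirls binary missing; run: curl -fsSL https://swirls.ai/install | bash');",
].join('\n');

const SAMPLE_FILES = { 'scripts/install.js': SAMPLE_INSTALL_JS, 'bin/swirls': SAMPLE_BIN_SWIRLS };

// npm hooks that run during install without the user invoking them.
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare'];

// Heuristic rules for the behaviours the review flags. A hit is evidence to read, not proof.
const RULES = [
  { id: 'remote-exec', desc: 'fetches remote code and pipes it into a shell',
    re: /\b(curl|wget)\b[^\n|]*\|\s*(ba|z|da)?sh\b/ },
  { id: 'child-process', desc: 'references child process execution',
    re: /require\(['"]child_process['"]\)|\b(execSync|spawnSync|execFile|exec|spawn)\s*\(/ },
  { id: 'env-gating', desc: 'gates behaviour on CI, platform, or install-scope checks',
    re: /process\.env\.CI\b|process\.platform\b|npm_config_global/ },
  { id: 'home-binary-copy', desc: 'copies a file out of the user home directory into the package',
    re: /\b(copyFileSync|copyFile|cpSync|renameSync)\s*\([^\n]*homedir\(\)/ },
  { id: 'mutable-url', desc: 'contains a remote URL (check whether the artifact is pinned by hash)',
    re: /https?:\/\/[^\s'"]+/ },
];

function lifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return LIFECYCLE.filter((k) => typeof scripts[k] === 'string')
    .map((k) => ({ hook: k, command: scripts[k] }));
}

// Extract "node <file>.js" targets from a lifecycle command.
function scriptTargets(command) {
  const out = [];
  const re = /\bnode\s+([^\s;&|]+\.[cm]?js)\b/g;
  let m;
  while ((m = re.exec(command)) !== null) out.push(m[1]);
  return out;
}

function lineOf(src, index) {
  return src.slice(0, index).split('\n').length;
}

// Run every rule over one source file; report the first hit per rule with its line.
function scanSource(file, src) {
  const findings = [];
  for (const rule of RULES) {
    const m = rule.re.exec(src);
    if (m) findings.push({ file, line: lineOf(src, m.index), rule: rule.id, desc: rule.desc, match: m[0].trim() });
  }
  return findings;
}

// files: map of path -> source text (in practice read from the tarball or unpkg snapshot).
function review(pkg, files) {
  const hooks = lifecycleScripts(pkg);
  const findings = [];
  for (const h of hooks) {
    findings.push({ file: 'package.json', line: null, rule: 'lifecycle-script',
      desc: `defines ${h.hook}: ${h.command}`, match: h.command });
    for (const t of scriptTargets(h.command)) if (t in files) findings.push(...scanSource(t, files[t]));
  }
  // bin entrypoints run on the user's machine too, so scan them the same way.
  const bins = typeof pkg.bin === 'string' ? [pkg.bin] : Object.values(pkg.bin || {});
  for (const t of bins) if (t in files) findings.push(...scanSource(t, files[t]));
  const verdict = findings.some((f) => f.rule === 'remote-exec') ? 'block'
    : hooks.length ? 'review' : 'pass';
  return { hooks, findings, verdict };
}

const RESULT = review(SAMPLE_PACKAGE_JSON, SAMPLE_FILES);
for (const f of RESULT.findings) {
  console.log(`${f.file}${f.line === null ? '' : ':' + f.line}  ${f.rule}  ${f.desc}`);
}
console.log('verdict:', RESULT.verdict);
```

A remote-exec hit is treated as blocking on its own because a curl | bash installer is mutable: the bytes executed are whatever swirls.ai serves at install time, and nothing in the package pins them to a hash the installer could verify, which is the core finding of this review. The other rules add context rather than a verdict; a package whose only hook is a plain local build script lands on "review", and one with no lifecycle hooks at all on "pass".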