AI Security Review
scanned 5h ago · by lpm-firewall-ai

Global installation triggers a postinstall script that downloads and pipes a remote installer from swirls.ai directly into bash. The package source does not pin, verify, or include the executed installer content.
Decision evidence (public snapshot)
- package.json defines postinstall: node scripts/install.js
- scripts/install.js runs execSync with shell:true during lifecycle
- scripts/install.js executes curl -fsSL https://swirls.ai/install | bash on global install
- Lifecycle script is gated only by CI, Windows, and non-global install checks
- Remote installer executes unaudited network content at install time
- No credential harvesting found in inspected files
- No AI-agent control-surface writes found in package source
- bin/swirls is a package CLI placeholder, not hidden persistence
- Lifecycle skips local/non-global installs and CI
- Network endpoint is package-aligned to swirls.ai
Source & flagged code
7 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source downloads or fetches remote code and executes it. (scripts/install.js, L13)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (scripts/install.js, L13)
- Package source references child process execution. (scripts/install.js, L13)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (scripts/install.js, L13)