AI Security Review
scanned 3h ago · by lpm-firewall-ai
Global installation triggers a lifecycle script that downloads a remote shell installer from swirls.ai and pipes it into bash, then replaces the package bin with the installed binary. The reviewed package does not contain the remote script or the binary, so install-time behavior depends on mutable remote code.
Decision evidence
public snapshot
- package.json defines postinstall: node scripts/install.js
- scripts/install.js runs on global npm/Bun installs outside CI/Windows
- scripts/install.js executes `curl -fsSL https://swirls.ai/install | bash` with shell:true during lifecycle
- scripts/install.js copies ~/.local/bin/swirls into package bin/swirls after remote installer completes
- Lifecycle script is gated to global installs and skips CI/Windows
- Network endpoint is package-aligned with declared author URL/domain
- No source evidence of credential harvesting, AI-agent control-surface writes, persistence files, or destructive actions in the package itself
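The evidence points above can be re-derived statically. The following is an added example, not code from the review page, the scanner, or the scanned package: a small triage pass that reads a package.json, follows each lifecycle hook to the script it hands to node, and reports the same classes of finding the review lists (child process use, shell:true, remote code piped to a shell, CI/platform/global-install gating, replacement of the package bin, and whether the remote host matches the package's declared URLs). The package.json and install script in the block are constructed to mirror the behaviours the review reports; the package name, the exact gating expressions and the copy call are assumptions, not the real files.

```javascript
// Added example (not the review's or the package's own code). Re-derives the
// review's evidence points statically from a package.json and the lifecycle
// script it references. Inputs are constructed to mirror the reported
// behaviour; "example-cli" and the exact statements are assumptions.

const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-cli", // hypothetical name
  version: "0.0.0",
  homepage: "https://swirls.ai",
  bin: { swirls: "bin/swirls" },
  scripts: { postinstall: "node scripts/install.js" },
});

// Constructed stand-in for scripts/install.js, modelled on the findings.
const SAMPLE_INSTALL_JS = `
const { spawnSync } = require("child_process");
const fs = require("fs");
const os = require("os");
const path = require("path");
if (process.env.CI || process.platform === "win32") process.exit(0);
if (!process.env.npm_config_global) process.exit(0);
spawnSync("curl -fsSL https://swirls.ai/install | bash", { shell: true, stdio: "inherit" });
fs.copyFileSync(path.join(os.homedir(), ".local/bin/swirls"), path.join(__dirname, "..", "bin", "swirls"));
`;

// Constructed benign lifecycle script, for the negative case.
const SAMPLE_BENIGN_JS = `
const fs = require("fs");
fs.mkdirSync("dist", { recursive: true });
`;

// Hooks npm/Bun run at install time without the user invoking them.
const LIFECYCLE = ["preinstall", "install", "postinstall", "prepare"];

function lifecycleScripts(pkgJsonText) {
  const scripts = JSON.parse(pkgJsonText).scripts || {};
  return LIFECYCLE.filter((k) => typeof scripts[k] === "string")
    .map((k) => ({ hook: k, cmd: scripts[k] }));
}

// Source files a lifecycle command hands to node, e.g. "node scripts/install.js".
function referencedNodeFiles(cmd) {
  const files = [];
  const re = /\bnode\s+([^\s&|;]+\.[cm]?js)/g;
  let m;
  while ((m = re.exec(cmd))) files.push(m[1]);
  return files;
}

// Pattern checks that map onto the review's flag categories.
function triageSource(src) {
  const f = [];
  if (/require\(["']child_process["']\)|from\s+["']child_process["']/.test(src)) f.push("child-process-execution");
  if (/\bshell:\s*true\b/.test(src)) f.push("shell-true");
  if (/\b(curl|wget)\b[^\n]*\|\s*(ba|z|da)?sh\b/.test(src)) f.push("remote-code-piped-to-shell");
  if (/process\.env\.CI\b|process\.platform\s*===?\s*["']win32["']/.test(src)) f.push("gated-on-ci-or-platform");
  if (/npm_config_global/.test(src)) f.push("gated-on-global-install");
  if (/\b(copyFileSync|renameSync|writeFileSync|createWriteStream)\b[\s\S]{0,200}?\bbin\b/.test(src)) f.push("replaces-package-bin");
  return f;
}

function remoteHosts(src) {
  const hosts = new Set();
  const re = /https?:\/\/([a-z0-9.-]+)/gi;
  let m;
  while ((m = re.exec(src))) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// "Package-aligned" in the review's sense: host equals a declared package URL host.
function hostMatchesDeclared(pkgJsonText, host) {
  const pkg = JSON.parse(pkgJsonText);
  const declared = [pkg.homepage, pkg.author && pkg.author.url, pkg.repository && pkg.repository.url].filter(Boolean);
  return declared.some((u) => { try { return new URL(u).hostname === host; } catch { return false; } });
}

// files: map of path -> source text for the package snapshot.
function triagePackage(pkgJsonText, files) {
  const report = { lifecycle: lifecycleScripts(pkgJsonText), files: {}, blocking: false };
  for (const { cmd } of report.lifecycle) {
    for (const f of referencedNodeFiles(cmd)) {
      if (!(f in files)) continue; // referenced file missing from snapshot: nothing to inspect
      const findings = triageSource(files[f]);
      const hosts = remoteHosts(files[f]).map((h) => ({ host: h, declared: hostMatchesDeclared(pkgJsonText, h) }));
      report.files[f] = { findings, hosts };
      // Lifecycle-reachable remote code executed at install time is the blocking condition.
      if (findings.includes("remote-code-piped-to-shell")) report.blocking = true;
    }
  }
  return report;
}

function demo() {
  return triagePackage(SAMPLE_PACKAGE_JSON, { "scripts/install.js": SAMPLE_INSTALL_JS });
}
console.log(JSON.stringify(demo(), null, 2));
```

Run it with node. The checks are plain pattern matches, so minified or string-assembled commands evade them; they reproduce the review's evidence, not a general detector. The control that does not depend on detection is to install with npm's ignore-scripts setting (`npm install --ignore-scripts`, or `npm config set ignore-scripts true`) and then run any required installer yourself after reading it.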
Source & flagged code
9 flagged
- Package defines install-time lifecycle scripts. (package.json)
- Install-time lifecycle script is not statically allowlisted and needs review. (package.json)
- Source downloads or fetches remote code and executes it. (scripts/install.js, line 13)
- A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior. (scripts/install.js, line 13)
- Package source references child process execution. (scripts/install.js, line 13)
- Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks. (scripts/install.js, line 13)
- Source file is highly similar to a previously finalized malicious package; route for source-aware review. (scripts/install.js)
- Source fingerprint signature matches a known malicious package signature; route for source-aware review. (scripts/install.js)