AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The notable behavior is package-aligned lifecycle and CLI setup for native openscience binaries, plus global removal of a same-scope deprecated CLI during global installs.
Static reason
One or more suspicious static signals were detected.
Trigger
npm global install for preinstall; npm install for postinstall; user running `openscience` for CLI wrapper cleanup and binary launch
Impact
May remove global `@synsci/cli` during a global install and may delete package-owned cache/config artifacts under `~/.openscience` when the CLI is run; no evidence of exfiltration or remote payload execution.
Mechanism
local binary wrapper and install-time compatibility cleanup
Rationale
The install hooks and wrapper perform package-aligned native binary selection and same-vendor upgrade cleanup, with no credential access, exfiltration, remote code fetch, persistence, or broad AI-agent control mutation. The global uninstall behavior is mildly risky but explained and bounded to a deprecated same-scope package, so it does not justify blocking.
Evidence
package.jsonpreinstall.mjspostinstall.mjsbin/openscience~/.openscience/package.json~/.openscience/.gitignore~/.openscience/bun.lockb~/.openscience/bunfig.toml~/.openscience/node_modules
Network endpoints2
git+https://github.com/synthetic-sciences/openscience.gitopenscience.sh/install
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines preinstall and postinstall lifecycle hooks.
- preinstall.mjs runs `npm rm -g @synsci/cli` only during global npm installs.
- bin/openscience deletes selected files and node_modules under `~/.openscience` at CLI runtime.
Evidence against
- No credential harvesting, environment dumping, or secret-file reads found.
- No exfiltration code or package-runtime network requests found; only repository/install-help URLs appear.
- postinstall.mjs only resolves/verifies platform optional binary packages and does not fetch remote code.
- bin/openscience launches local platform binaries from installed packages or explicit user paths.
- No eval/vm/Function, dynamic remote loading, persistence, or AI-agent control-surface writes found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
NoLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.preinstall = node ./preinstall.mjs || exit 0
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg•scripts.postinstall = bun ./postinstall.mjs || node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowNo License