AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation downloads a platform-specific native release archive and extracts it into the package directory. Later CLI use executes that downloaded binary. No source-level credential theft, persistence outside the package, or AI-agent control-surface mutation is present.
Static reason
One or more suspicious static signals were detected.
Trigger
npm installation runs `postinstall`; invoking `trn` or `trnovel` runs the installed native binary.
Impact
A compromised or replaced release artifact could execute native code on an installing user's machine.
Mechanism
unsigned remote native-binary download, extraction, and execution
Rationale
No concrete malicious behavior is established from the inspected source. However, the unverified postinstall download and later execution of a remotely hosted native artifact is a real supply-chain execution risk.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-trn.jsrun-trnovel.jsnpm-shrinkwrap.jsonnode_modules/.bin_real
Network endpoints1
github.com/yexiyue/TRNovel/releases/download/trnovel-v0.14.1
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `package.json` defines `postinstall: node ./install.js`.
- `binary.js` builds a GitHub release URL from `artifactDownloadUrls` and platform metadata.
- `binary-install.js` downloads, extracts, and installs a remote native archive without a checksum or signature check.
- `run-trn.js` and `run-trnovel.js` execute the downloaded binary with user-supplied arguments.
Evidence against
- Installer writes only under package-local `node_modules/.bin_real`.
- No source evidence of credential harvesting, environment exfiltration, AI-agent config changes, or unrelated filesystem access.
- Network target is package-aligned: the declared TRNovel GitHub releases URL.
- Shell tools are invoked with fixed argument arrays for archive extraction, not a shell command string.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings