AI Security Review
scanned 3h ago · by lpm-firewall-ai`postinstall` retrieves and installs a native executable that is absent from the package contents. The CLI launches that downloaded executable only after an explicit user command; no confirmed credential theft, exfiltration, or foreign agent-control mutation appears in inspected source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm `postinstall`, then explicit `xbot` CLI invocation.
Impact
The release endpoint controls the native executable staged into the installed package without a package-pinned cryptographic identity.
Mechanism
Remote native payload download, same-origin checksum check, archive extraction, and CLI spawning.
Rationale
Inspected JavaScript establishes a real install-time remote binary staging path, but not a concrete malicious chain such as exfiltration, destructive action, or unconsented foreign AI-agent control-surface mutation. Flag as a staged payload carrier for warning rather than blocking.
Evidence
package.jsonscripts/install.jsbin/xbot.jsdocs/INSTALLATION.mdvendor/<platform>-<arch>/xbot
Network endpoints1
github.com/guoqingbao/xbot/releases/download/${tag}
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `package.json` defines `postinstall`.
- `scripts/install.js` downloads a target-native archive during installation.
- Checksum is fetched from the same overrideable release base, with no pinned digest or signature.
- `scripts/install.js` extracts the archive into `vendor/<target>`.
- `bin/xbot.js` later executes the downloaded `vendor/<target>/xbot` binary.
Evidence against
- No package source reads credentials or harvests user files.
- No source posts environment data or other local data to a network endpoint.
- No source writes foreign AI-agent configuration or persistence locations.
- Downloaded binary is not executed during `postinstall`; execution requires `xbot` CLI use.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings