AI Security Review
scanned 1d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The install hook is a narrowly scoped local-bin symlink helper, while network and credential actions are activated by explicit CLI/auth commands.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or explicit `wave` CLI commands
Impact
No unconsented exfiltration, persistence, AI-agent control-surface mutation, or remote payload execution established.
Mechanism
local development bin symlink plus user-configured authenticated GraphQL CLI
Rationale
Static signals are explained by normal CLI authentication, configurable API requests, and an install-time local-bin helper. Source inspection found no concrete malicious chain or unconsented foreign AI-agent configuration mutation.
Evidence
package.jsonscripts/postinstall-local-bin.mjsdist/index.jsREADME.mdnode_modules/.bin/wavenode_modules/.bin/wave-cli~/.wave/auth-token.json~/.wave/config.json
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `scripts/postinstall-local-bin.mjs` only recreates local `wave`/`wave-cli` symlinks when both `node_modules/.bin` and `dist/index.js` exist.
- `dist/index.js` sends authenticated GraphQL requests only to an explicit flag/env/config base URL; no fixed covert endpoint is present.
- Credential storage is tied to explicit `login`/`logout` flows and uses macOS Keychain or `~/.wave` files with mode 0600.
- Local content reads require an explicit `--file` argument or stdin; no broad filesystem harvesting is present.
- No eval/vm, dynamic module loading, native payload loading, or arbitrary shell execution was found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStrings
NoLicense
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall-local-bin.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License