AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time code retrieves an opaque native executable, which the CLI later runs. The JavaScript wrapper does not expose a confirmed malicious action, but the downloaded payload is not source-inspectable or integrity-verified.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` downloads the binary; invoking `docmost-local-mcp` executes it.
Impact
A compromised or substituted release asset could execute with the installing or invoking user's privileges and inherited environment.
Mechanism
remote native-binary download and execution
Rationale
No concrete malicious behavior is present in the inspected JavaScript, and the binary-download design is documented. However, install-time retrieval of an unverified opaque executable leaves a real supply-chain execution risk.
Evidence
package.jsonpostinstall.jscli.jsREADME.mdbin/docmost-local-mcpbin/docmost-local-mcp.exe
Network endpoints1
github.com/wisflux/docmost-local-mcp/releases/download/v0.9.0/docmost-local-mcp-${platform}
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node postinstall.js` during installation.
- `postinstall.js` downloads a platform executable from GitHub Releases without checksum or signature verification.
- `postinstall.js` follows up to five redirects and writes the response to `bin/docmost-local-mcp*`.
- `cli.js` executes the downloaded binary and forwards its inherited environment.
Evidence against
- The release URL is deterministic and derived from the package's own pinned version.
- The package source contains no JS credential harvesting, destructive action, eval, or hidden persistence.
- The README explicitly discloses the install-time binary download and runtime MCP behavior.
- The CLI executes only the package-local downloaded binary after explicit user invocation.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings