AI Security Review
scanned 1h ago · by lpm-firewall-aiInstall-time remote binary execution is present. The postinstall fetches a release asset, stores it in the package directory, and may execute it immediately to install completions. No confirmed AI-agent control-surface mutation or credential exfiltration is present in the JavaScript source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install or package installation on a supported platform with a recognized shell
Impact
A compromised or substituted release asset could execute with the installing user's privileges.
Mechanism
unsigned remote binary download, extraction, and install-time execution
Rationale
The package source does not establish malicious intent, but it performs unsigned install-time retrieval and possible execution of a remote native payload. This is a concrete unresolved security risk rather than a clean installer.
Evidence
package.jsoninstall.jswrapper.jsREADME.mdbin/anesisbin/anesis.exebin/.version
Network endpoints1
github.com/anesis-dev/anesis/releases/download/v${version}/${assetName}
Decision evidence
public snapshotAI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node install.js` at `postinstall`.
- `install.js` downloads a platform binary from GitHub Releases without checksum/signature validation.
- `install.js` writes the downloaded binary to `bin/anesis` or `bin/anesis.exe`.
- `install.js` immediately executes that downloaded binary for shell completions when `SHELL` is recognized.
Evidence against
- The download URL is package-version-derived and points to the declared `anesis-dev/anesis` release path.
- The installer only writes under its own package `bin/` directory and does not modify AI-agent controls.
- No credential harvesting, arbitrary environment exfiltration, eval, or broad filesystem deletion appears in inspected source.
- `wrapper.js` only forwards explicit CLI arguments to the package-local binary.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License