AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall automatically fetches a native release artifact and extracts it into the package directory. Invoking the provided CLI executes that fetched artifact. The JavaScript wrapper does not establish credential theft or AI-agent configuration tampering.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install activates postinstall; `mcp-stdio-local` activates the downloaded binary.
Impact
A compromised or substituted release artifact would execute with the installing user's privileges.
Mechanism
remote native-binary download, extraction, and execution
Rationale
No concrete malicious behavior is present in the inspected JavaScript, but automatic download and later execution of an unverifiable opaque native artifact is a material supply-chain risk. Flag as warn rather than block because no evidence shows an active malicious payload or unconsented broad agent-control mutation.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-mcp-stdio-local.jsREADME.mdnode_modules/.bin_real
Network endpoints1
github.com/bitrouter/bitrouter/releases/download/v1.0.0-alpha.24
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node ./install.js` as `postinstall`.
- `binary.js` forms a GitHub-release artifact URL from manifest data.
- `binary-install.js` downloads and extracts an opaque platform binary at install time.
- `binary-install.js` later executes the downloaded binary via `spawnSync`.
- No checksum, signature, or pinned artifact digest is verified before execution.
Evidence against
- JS source only targets the package-local `node_modules/.bin_real` directory.
- No source evidence of credential/env harvesting or exfiltration.
- No source writes MCP/Claude/Cursor/OpenAI configuration.
- Child processes are limited to archive extraction and the installed package binary.
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings