AI Security Review
scanned 12d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a postinstall binary downloader plus CLI wrapper, which matches a binary CLI distribution pattern but lacks an in-package checksum.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user running canary invokes bin/canary.js
Impact
Installs and executes a package-provided native binary when invoked by the user; no source evidence of exfiltration or unauthorized mutation
Mechanism
GitHub release binary download and execFileSync CLI wrapper
Rationale
Source inspection shows install-time network download and later execution of a GitHub release binary, but those behaviors are package-aligned for a CLI binary installer and are constrained to expected hosts. No credential theft, data exfiltration, persistence, destructive behavior, or unconsented AI-agent control mutation was found in package source.
Evidence
package.jsonscripts/install.jsbin/canary.jsbin/canarybin/canary.exe
Network endpoints6
github.com/bop-clocktower/canary/releases/download/v5.6.0/canary-linux-x64github.com/bop-clocktower/canary/releases/download/v5.6.0/canary-darwin-arm64github.com/bop-clocktower/canary/releases/download/v5.6.0/canary-win32-x64.exegithub.comobjects.githubusercontent.comrelease-assets.githubusercontent.com
Decision evidence
public snapshotAI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node scripts/install.js
- scripts/install.js downloads a platform binary during install
- bin/canary.js executes the downloaded bin/canary or bin/canary.exe via execFileSync
Evidence against
- scripts/install.js downloads only from GitHub release URL for package version
- redirect validation restricts hosts to github.com and GitHub asset hosts
- No env/credential/file harvesting found
- No persistence, destructive actions, eval/vm/Function, or AI-agent control-surface writes found
- bin/canary.js only forwards user CLI args to package binary
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings