AI Security Review
scanned 3h ago · by lpm-firewall-aiInstall triggers an unconsented network pingback with a persistent unique install ID. The package is explicitly a dependency-confusion proof of concept for an Apple-adjacent package name.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install lifecycle postinstall
Impact
Tracks affected installs and confirms dependency-confusion resolution from consuming environments.
Mechanism
install-time telemetry beacon with persistent ID
Attack narrative
On npm install, the postinstall hook runs postinstall.js. It reads or creates a stable UUID in the user's cache directory, builds a JSON payload containing that ID, package version, install source, and timestamp, then POSTs it to an Azure endpoint. The package describes itself as a dependency confusion PoC targeting the unscoped cktool-core name rather than Apple's @apple/cktool.core.
Rationale
Source inspection confirms install-time network telemetry and persistent identifier creation in a package explicitly positioned for dependency-confusion testing. Even without credential theft or command execution, unconsented lifecycle beaconing from a confusion package is concrete attack behavior suitable for blocking.
Evidence
package.jsonpostinstall.jsindex.jsREADME.md$XDG_CACHE_HOME/.cktool-core-id~/.cache/.cktool-core-id
Network endpoints1
npx-monitor-76056.azurewebsites.net/api/pingback
Decision evidence
public snapshotAI called this Malicious at 96.0% confidence as Malware with low false-positive risk.
Evidence for block
- package.json runs postinstall: node postinstall.js
- postinstall.js sends install-time POST to npx-monitor-76056.azurewebsites.net/api/pingback
- postinstall.js creates or reuses a persistent install ID in XDG cache/home cache
- Payload includes unique id, version, via=npm-postinstall, and timestamp
- README and package metadata identify this as a dependency confusion PoC for cktool-core vs @apple/cktool.core
Evidence against
- No credential file harvesting found
- No child_process, eval, dynamic code loading, or destructive behavior found
- index.js only prints a warning at runtime
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings