AI Security Review
scanned 3d ago · by lpm-firewall-aiThe package is a CLI installer that fetches a platform-specific native binary at npm postinstall and later executes it through the bin wrapper. This creates supply-chain risk from a remote executable, but the reviewed JS source does not show concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user running clipal invokes bin/clipal.js
Impact
Remote release binary is installed under vendor and executed on user command; behavior of that binary is not inspectable from package source
Mechanism
install-time remote binary download and CLI wrapper spawn
Attack narrative
On install, scripts/postinstall.js selects an OS/architecture asset, downloads checksums.txt and the matching binary from GitHub Releases, verifies the downloaded binary against that remote checksum, copies it into vendor, and marks it executable. The npm bin then spawns that binary when the user runs clipal. The JS source is package-aligned and lacks exfiltration or persistence, but the actual executable payload is remote and outside the package source.
Rationale
Static source inspection found no confirmed malicious JS behavior, but install-time retrieval and later execution of an opaque native binary is a real unresolved supply-chain risk. Treat as suspicious/warn rather than block because the behavior matches the package’s documented CLI installer purpose.
Evidence
package.jsonscripts/postinstall.jsbin/clipal.jsREADME.mdvendor/clipalvendor/clipal.exe
Network endpoints1
github.com/PAIArtCom/Clipal/releases/download
Decision evidence
public snapshotAI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./scripts/postinstall.js
- scripts/postinstall.js downloads platform binary and checksums.txt from GitHub Releases during install
- scripts/postinstall.js writes vendor/clipal or vendor/clipal.exe and chmods it executable
- bin/clipal.js spawns the downloaded vendor binary with user CLI args
Evidence against
- No credential, environment, or filesystem harvesting found
- No destructive behavior or persistence found
- Network endpoint is aligned with package README/repository release installation purpose
- Checksum verification exists, though checksum is fetched from the same remote release source
- No prompt/reviewer manipulation or AI-agent control-surface writes found
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings