AI Security Review
scanned 7h ago · by lpm-firewall-ai

The package is a binary installer wrapper. No concrete malicious behavior is present in the JavaScript source, but install-time remote binary download leaves unresolved payload risk.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall and later user invocation of clipal
Impact
future clipal invocations execute the downloaded vendor binary
Mechanism
install-time download of platform executable plus CLI spawn wrapper
Attack narrative
On install, scripts/postinstall.js selects an OS/arch-specific Clipal asset, downloads checksums.txt and the binary from GitHub Releases or CLIPAL_NPM_BASE_URL, verifies SHA-256 against that downloaded checksum file, then copies the executable into vendor/. The bin entry does not implement CLI behavior itself; it spawns the installed vendor binary when the user runs clipal.
Rationale
Static source inspection shows a package-aligned binary installer with install-time network download and later executable spawning, but no exfiltration, persistence, agent control hijack, or destructive behavior in the shipped JavaScript. Because the actual payload is a remotely fetched executable and the checksum file is fetched from the same base URL (so verification does not protect against a compromised download source), a warning is appropriate rather than blocking publication.
Evidence
- package.json
- scripts/postinstall.js
- bin/clipal.js
- README.md
- vendor/clipal
- vendor/clipal.exe
- os.tmpdir()/clipal-npm-*/checksums.txt
- os.tmpdir()/clipal-npm-*/*
Network endpoints (4)
- github.com/PAIArtCom/Clipal/releases/download
- clipal.paiart.com
- github.com/PAIArtCom/Clipal
- registry.npmjs.org/
Decision evidence
public snapshot · AI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./scripts/postinstall.js
- scripts/postinstall.js downloads a platform binary during install into vendor/clipal or vendor/clipal.exe
- scripts/postinstall.js allows CLIPAL_NPM_BASE_URL to override the release download base
- bin/clipal.js later spawns the downloaded vendor binary with inherited stdio
Evidence against
- No credential/env harvesting beyond the download-base override was found
- No AI-agent control-surface writes, persistence hooks, destructive actions, or broad home/project mutations were found
- Network use is aligned with README/package metadata for installing the Clipal CLI from GitHub Releases
- Downloaded asset is checksum-verified against checksums.txt for the same package version
Behavioral surface
- Child Process
- Crypto
- Environment Vars
- Filesystem
- Network
- Url Strings
Source & flagged code
2 flagged
package.json
- scripts.postinstall = node ./scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- scripts.postinstall = node ./scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 3 Medium · 3 Low
- High · Install Time Lifecycle Scripts · package.json
- Medium · Ambiguous Install Lifecycle Script · package.json
- Medium · Network
- Medium · Environment Vars
- Low · Scripts Present
- Low · Filesystem
- Low · Url Strings