AI Security Review
scanned 9d ago · by lpm-firewall-aiThe package is a JS wrapper that can fetch and execute a native CodeSeek binary from GitHub on first CLI run. The fetched executable is not included in this npm tarball and is not integrity-verified by the wrapper, leaving unresolved staged-payload risk but no confirmed malicious JS behavior.
Decision evidence
public snapshot- dist/install/download.js builds GitHub Releases URL and downloads a platform executable without checksum/signature verification.
- dist/bin/codeseek.js downloads missing ~/.codeseek/bin/codeseek, chmods it, then spawnSync executes it with inherited env.
- package.json postinstall requires dist/install/download.js, but that module only exports downloadBinary and does not call it at install time.
- README.md documents MCP/Codex/Claude integration and git-hook commands implemented by the downloaded native binary, not visible in this package source.
- No install-time payload execution confirmed from inspected JS; postinstall import is inert aside from module initialization.
- No credential harvesting or exfiltration logic found in package JS; API token is user-prompted and written to local config.
- Network use is package-aligned: GitHub release binary download and user-configured embedding API endpoints.
- No obfuscation, eval, persistence, destructive behavior, or AI-agent config writes found in shipped JS files.
Source & flagged code
2 flagged · loading sourceInstall-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg