AI Security Review
scanned 2h ago · by lpm-firewall-aiA user-running CLI bootstrap downloads and executes an unchecked native binary. The install lifecycle import is inert because the module has no import-time download call.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `codeseek` when `~/.codeseek/bin/codeseek` is absent.
Impact
A compromised release artifact or accepted redirect can execute arbitrary code as the invoking user.
Mechanism
Unchecked remote binary download followed by local execution with inherited environment.
Rationale
Source inspection does not prove the package is malicious, and its postinstall hook is inert. However, executing an unsigned remotely fetched binary creates an unresolved, concrete high-impact risk.
Evidence
package.jsondist/install/download.jsdist/bin/codeseek.jsREADME.md~/.codeseek/config.json~/.codeseek/bin/codeseek
Network endpoints1
github.com/CodeBendKit/codeseek/releases/download/
Decision evidence
public snapshotAI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/install/download.js` downloads a platform executable without checksum or signature validation.
- `dist/install/download.js` follows server-provided redirects before writing the executable.
- `dist/bin/codeseek.js` executes the downloaded `~/.codeseek/bin/codeseek` via `spawnSync` with inherited environment.
- The package’s declared `postinstall` imports the downloader module.
Evidence against
- The imported downloader only defines/exports `downloadBinary`; it does not download or execute during `postinstall`.
- Configuration token input occurs only in the interactive CLI wizard and is written locally to `~/.codeseek/config.json`.
- The inspected JavaScript wrapper contains no credential harvesting, exfiltration, destructive action, or AI-agent configuration mutation.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)" || true
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)" || true
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 Critical1 High3 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings