AI Security Review
scanned 2h ago · by lpm-firewall-ai
Install-time code fetches and installs a remote native binary. The inspected JS wrapper is package-aligned, but the downloaded executable is not present for static review and is not integrity-pinned.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install (postinstall lifecycle script); later, the user runs the deployzy CLI
Impact
The unreviewed release binary gains execution when the user invokes the CLI; the install step writes into the package bin directory.
Mechanism
postinstall remote binary downloader and CLI exec wrapper
Attack narrative
On install, deployzy selects the current OS/architecture, downloads a release archive from github.com/jams24/deployzy, extracts or writes a native deployzy binary into the package bin directory, and chmods it executable. The npm bin wrapper later execs that binary with user arguments. The JS code does not show exfiltration or persistence, but the remote binary is outside the package and lacks an integrity check.
Rationale
This is not confirmed malware based on the inspected package source, but install-time delivery of a remote executable without a checksum leaves unresolved supply-chain risk: a version-tagged release URL pins a name, not bytes, since assets under a tag can be replaced, so only a digest (or signature) carried in the package ties the install to a reviewed artifact. The behavior is package-aligned for a native tunneling CLI, so warn rather than block.
Evidence
- package.json
- bin/install.js
- bin/cli.js
- README.md
- bin/deployzy
- bin/deployzy.exe
- os.tmpdir()/deployzy-*
- os.tmpdir()/deployzy-*/deployzy.tar.gz
Network endpoints (2)
- github.com/jams24/deployzy/releases/download/v1.1.0/deployzy_<platform>_<arch>.<ext>
- github.com/jams24/deployzy/releases
Decision evidence
public snapshot: AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node bin/install.js
- bin/install.js downloads a platform executable from GitHub releases during install
- bin/install.js writes the downloaded/extracted binary into bin/deployzy or bin/deployzy.exe without a checksum
- bin/cli.js executes the installed binary with user-supplied CLI args
Evidence against
- No credential, env, or filesystem harvesting found in JS sources
- No AI-agent control-surface writes or persistence hooks found
- Network endpoint is package-aligned GitHub releases for jams24/deployzy
- CLI execution is user-invoked after install
Behavioral surface
- ChildProcess
- Filesystem
- Network
- Url Strings
Source & flagged code
2 flagged
- package.json: scripts.postinstall = node bin/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json: scripts.postinstall = node bin/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 2 Medium · 3 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings