AI Security Review
scanned 1h ago · by lpm-firewall-aiInstall-time code fetches an unsigned native executable, then the user-facing CLI executes that binary. This is an unverified staged payload path, but inspected scripts show no concrete credential theft, destructive action, or foreign control-surface mutation.
Decision evidence
public snapshot- `package.json` runs `bin/postinstall.js` on install.
- `bin/postinstall.js` downloads an executable from GitHub Releases without checksum/signature validation.
- Postinstall writes the download as executable and follows redirect locations.
- `bin/doc-fetch.js` selects and spawns the downloaded/platform binary.
- Root `doc-fetch` differs from bundled Linux binary, consistent with a fetched replacement.
- The initial download URL is version-pinned to the package publisher's GitHub release.
- Postinstall writes only the package-local binary and wrapper.
- No inspected JS harvests credentials, reads user secrets, alters AI-agent configs, or establishes persistence.
- `bin/install.js` is not referenced by the manifest lifecycle scripts.
Source & flagged code
6 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source invokes a package manager install command at runtime.
bin/doc-fetch.jsView on unpkg · L53This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bin/postinstall.jsView on unpkg