AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation fetches an opaque native payload and places it in the package directory. A later explicit `dstl8` command executes that payload; the shipped JavaScript cannot establish its behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install`/`npx` invokes postinstall; running `dstl8` invokes the downloaded binary.
Impact
A release-hosted binary can run with the privileges of the user who invokes the CLI.
Mechanism
Postinstall remote native-binary bootstrap with same-origin checksum verification.
Rationale
No concrete malicious behavior is present in the shipped JavaScript, but install-time retrieval of an opaque executable leaves a material unresolved payload risk. Downgrade to warn rather than block because the payload is not executed during installation and no agent-control or exfiltration chain is shown.
Evidence
package.jsoninstall.jsbin/dstl8README.mddstl8
Network endpoints1
github.com/control-theory/dstl8/releases/download/v0.2.7
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node install.js` as `postinstall`.
- `install.js` downloads a platform-specific tarball from GitHub Releases.
- The downloaded executable is copied to `dstl8`, outside the published source set.
- Checksum data is fetched from the same release endpoint as the payload.
- `bin/dstl8` later spawns the downloaded native executable.
Evidence against
- `install.js` does not execute the downloaded binary during postinstall.
- Source targets the package-aligned `control-theory/dstl8` GitHub release path.
- The installer validates a SHA-256 value before extracting.
- No source reads environment variables, credentials, agent config, or user files.
- No confirmed exfiltration, destructive action, or AI-agent control-surface write.
Behavioral surface
ChildProcessCryptoFilesystemNetwork
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License