registry  /  interlink-mcp  /  0.7.3

interlink-mcp@0.7.3

Cryptographically-authenticated, cross-machine agent-to-agent chat for Claude Code, over MCP. Pure-Rust binary, delivered via npm.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Installation fetches an unverified native binary from a fixed GitHub Releases endpoint. Runtime executes that binary when the package CLI is invoked. No JavaScript-level credential theft or foreign agent-control-surface modification is present.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install triggers `postinstall`; invoking `interlink-mcp` triggers the downloaded binary.
Impact
A compromised or substituted release asset could execute with the installing or invoking user's privileges.
Mechanism
unverified remote native-binary download followed by CLI execution
Rationale
Source inspection confirms a transparent native-binary wrapper rather than direct malicious behavior. Because installation retrieves and later executes an unverified remote binary, this version warrants a warning rather than a block.
Evidence
package.jsoninstall.jsbin/interlink-mcp.jsREADME.mdbin/interlink-mcp-bin
Network endpoints2
github.comgithub.com/wilfreddenton/interlink/releases/download/v0.7.3/

Decision evidence

public snapshot
AI called this Suspicious at 85.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.js` via `postinstall`.
  • `install.js` downloads a platform-native executable and writes it as executable.
  • `bin/interlink-mcp.js` spawns the downloaded executable with inherited stdio.
  • No checksum or signature verification protects the fetched release asset.
Evidence against
  • Download URL is fixed to the package-aligned `wilfreddenton/interlink` GitHub Releases path.
  • Installer selects only a fixed platform/architecture target mapping.
  • Writes are confined to this package's `bin/` directory.
  • No source evidence of credential harvesting, exfiltration, shell execution, or AI-agent config mutation.
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.23 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
matchType = previous_version_dangerous_delta matchedPackage = interlink-mcp@0.6.0 matchedIdentity = npm:aW50ZXJsaW5rLW1jcA:0.6.0 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

install.jsView on unpkg

Findings

2 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltainstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings