AI Security Review
scanned 21h ago · by lpm-firewall-ai

No confirmed malicious behavior is established in the inspected source. Residual risk remains because install-time code downloads an opaque executable and the CLI later executes it.
Static reason
One or more suspicious static signals were detected.
Trigger
The npm install postinstall hook, or the user running the justcode bin after the install-time download was skipped.
Impact
Runs package-supplied native executable for an AI coding assistant; behavior of the external binary is not inspectable from this npm tarball.
Mechanism
Platform-specific GitHub release binary download and spawn.
Attack narrative
On install, postinstall calls ensureBinary, which creates dist-bin, fetches a platform-specific executable from the package's GitHub release, chmods it executable, and renames it into place. If install scripts are skipped, the bin launcher performs the same fetch on first run before spawning the binary. The visible source does not show exfiltration or foreign agent-control mutation, but the fetched executable is outside the package source reviewed here.
Rationale
This is not a publish-block case because the inspected source shows a package-aligned binary bootstrap with no unconsented foreign agent control-surface writes, credential theft, persistence, or exfiltration. It should be warned because install-time retrieval and later execution of an opaque AI-agent binary leaves material behavior outside the npm package source.
Evidence
- package.json
- scripts/postinstall.mjs
- scripts/lib/download-binary.mjs
- scripts/lib/platform.mjs
- bin/justcode.mjs
- README.md
- dist-bin/justcode-<platform>-<arch>
- dist-bin/justcode-<platform>-<arch>.download
Network endpoints (1)
- github.com/kingeke/justcode/releases/download/v0.1.9/justcode-<platform>-<arch>
Decision evidence
public snapshot: AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.mjs
- scripts/lib/download-binary.mjs fetches a platform executable from GitHub Releases during install or first run
- bin/justcode.mjs spawns the downloaded dist-bin executable with inherited stdio
- README.md describes an AI coding assistant with file, shell, web, MCP, and provider-key capabilities
Evidence against
- No code writes Claude/Codex/Cursor/MCP control-surface files or agent configs
- No credential/env harvesting or exfiltration logic found in shipped JS files
- Download URL is package-aligned, derived from repository.url and package version
- postinstall can be skipped with JUSTCODE_SKIP_DOWNLOAD and retries only via user-invoked launcher
- No obfuscated strings, eval/vm/Function, native addon loading, persistence, or destructive install behavior found
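The two static checks the verdict above rests on, written out as an added example that is not code from the justcode package or from this scanner: it looks for install-time lifecycle hooks in a package.json and tests whether a release URL is package-aligned, meaning derived from repository.url and the package version as the evidence-against list describes. The constructed manifest copies the name, version and repository from the review; the `build` script, the `other-owner` URL, the `linux-x64` suffix standing in for `<platform>-<arch>`, and all function names are assumptions made for the example.

```javascript
// Added example, not code from the justcode package: the two static checks that
// drive the verdict above (install-lifecycle hooks present, download URL
// package-aligned), runnable offline against a constructed manifest.

// Lifecycle scripts npm runs without the user typing anything beyond "npm install".
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Constructed sample manifest. Name, version and repository URL are taken from
// the review; the "build" script is an assumption added for contrast.
const samplePackageJson = {
  name: "justcode",
  version: "0.1.9",
  repository: { type: "git", url: "git+https://github.com/kingeke/justcode.git" },
  scripts: {
    postinstall: "node scripts/postinstall.mjs",
    build: "tsc",
  },
};

// Reduce a repository URL (https, git+https or scp-style git@...) to "owner/repo".
function repoSlug(repositoryUrl) {
  if (typeof repositoryUrl !== "string") return null;
  const m = repositoryUrl.match(/github\.com[:/]([^/]+)\/([^/]+?)(?:\.git)?\/?$/);
  return m ? `${m[1]}/${m[2]}` : null;
}

// Return every install-time hook the manifest defines, with its command.
function findInstallHooks(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// True when a release asset URL is HTTPS, on github.com, under the manifest's
// own repository, and tagged with the manifest's own version. Anything else
// (another owner, a different version, plain http, garbage) is not aligned.
function isPackageAlignedReleaseUrl(pkg, url) {
  const slug = repoSlug(pkg && pkg.repository && pkg.repository.url);
  if (!slug) return false;
  let u;
  try {
    u = new URL(url);
  } catch (_err) {
    return false;
  }
  if (u.protocol !== "https:" || u.hostname !== "github.com") return false;
  return u.pathname.startsWith(`/${slug}/releases/download/v${pkg.version}/`);
}

// Combine both checks into the shape a reviewer wants: which hooks fire at
// install time, which download targets are package-aligned, and a severity
// that mirrors the findings above (install hooks alone rate High). A target
// that is not package-aligned is flagged for manual review rather than scored.
function auditManifest(pkg, releaseUrls) {
  const installHooks = findInstallHooks(pkg);
  const alignedUrls = releaseUrls.filter((u) => isPackageAlignedReleaseUrl(pkg, u));
  const foreignUrls = releaseUrls.filter((u) => !isPackageAlignedReleaseUrl(pkg, u));
  return {
    installHooks,
    alignedUrls,
    foreignUrls,
    severity: installHooks.length ? "high" : "low",
    needsManualReview: foreignUrls.length > 0,
  };
}

// Usage: the URL the review lists (with an assumed linux-x64 suffix) plus a
// constructed URL under a different owner that must not pass.
const reportedUrl =
  "https://github.com/kingeke/justcode/releases/download/v0.1.9/justcode-linux-x64";
const otherOwnerUrl =
  "https://github.com/other-owner/justcode/releases/download/v0.1.9/justcode-linux-x64";
const report = auditManifest(samplePackageJson, [reportedUrl, otherOwnerUrl]);
console.log(JSON.stringify(report, null, 2));
```

Passing both checks only establishes what the review itself says: the hook is declared in the manifest and the URL points at the publisher's own release. It says nothing about the executable behind that URL, which is the residual risk named above. Pinning a published SHA-256 per asset and verifying it before the chmod and rename step is the usual way to close that gap; the review does not state whether this package does so.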
Behavioral surface
- ChildProcess
- EnvironmentVars
- Filesystem
- Network
- Shell
- UrlStrings
Source & flagged code
2 flagged

- package.json: scripts.postinstall = node scripts/postinstall.mjs
  High · Install Time Lifecycle Scripts: Package defines install-time lifecycle scripts.
- package.json: scripts.postinstall = node scripts/postinstall.mjs
  Medium · Ambiguous Install Lifecycle Script: Install-time lifecycle script is not statically allowlisted and needs review.

Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings