AI Security Review
scanned 2h ago · by lpm-firewall-ai
No confirmed malicious attack surface is established. Risky primitives are package-aligned media tooling and shell completion setup.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, or explicit mediasnacks CLI command invocation
Impact
May create a _mediasnacks completion file during install and modify user-selected media/files during CLI use
Mechanism
zsh completion file generation and hardcoded media command dispatch
Rationale
Static source inspection shows the install hook is limited to mediasnacks zsh completion setup, while runtime process/file operations are explicit media utility commands. No concrete exfiltration, persistence, destructive install-time behavior, remote code execution, or foreign AI-agent control-surface mutation was found.
Evidence
- package.json
- install-zsh-completions.js
- src/cli.js
- src/utils/subprocess.js
- src/qdir.js
- src/dlaudio.js
- src/dlvideo.js
- src/vdiff.sh
- src/framediff.sh
- src/vconcat.sh
- src/rmcover.sh
- src/flattendir.sh
- _mediasnacks
- user-supplied media/file paths
- user-selected qdir .lock and .sh files
Decision evidence
public snapshot: AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall: node install-zsh-completions.js
- install-zsh-completions.js runs zsh to read fpath and writes _mediasnacks completion file
- src/cli.js uses dynamic import/spawn for hardcoded bundled commands
- User-invoked qdir runs *.sh files in a selected directory
Evidence against
- Postinstall writes only package-specific zsh completions to an fpath directory and exits on systems without zsh
- CLI command table maps only fixed package-owned JS/sh helper paths
- No package code network exfiltration endpoints found; only user-supplied yt-dlp URLs and documentation links
- No credential harvesting, npm token access, AI-agent config mutation, remote payload loading, or obfuscation found
- Shell helpers are media/file utilities invoked by explicit CLI commands
Behavioral surface
- Child Process
- Crypto
- Dynamic Require
- Eval
- Filesystem
- Shell
- Url Strings
Source & flagged code
4 flagged

package.json
  scripts.postinstall = node install-zsh-completions.js
High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

src/edgespic.js (L56)
  L56: '-y',
  L57: '-sseof', -1 / eval(r_frame_rate),
  L58: '-i', video,
Low · Eval
Package source references a known benign dynamic code generation pattern.

src/cli.js (L80)
  L80: if (cmd.endsWith('.js'))
  L81:   await (await import(cmd)).default()
  L82: else
Medium · Dynamic Require
Package source references dynamic require/import behavior.

src/vdiff.sh
  path = src/vdiff.sh
  kind = build_helper
  sizeBytes = 742
  magicHex = [redacted]
Medium · Ships Build Helper
Package ships non-JavaScript build or shell helper files.

Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Dynamic Require (src/cli.js)
- Medium: Ships Build Helper (src/vdiff.sh)
- Medium: Structural Risk Force Deep Review
- Low: Scripts Present
- Low: Eval (src/edgespic.js)
- Low: Filesystem
- Low: Url Strings