AI Security Review
scanned 2d ago · by lpm-firewall-aiThe package has an install-time binary downloader and verifier. This is package-aligned but creates remote code execution risk because a GitHub release asset is written and executed during npm install without integrity verification.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install or npm postinstall
Impact
A compromised or swapped GitHub release asset could execute native code during installation.
Mechanism
postinstall downloads and executes release binary
Attack narrative
On installation, node install.mjs detects OS/arch, asks GitHub for the latest rpuneet/mycel release, downloads the matching tar.gz, extracts a mycel binary into bin/mycel, chmods it executable, and runs bin/mycel version. The behavior is documented and package-aligned, but the fetched binary is not pinned to the npm package version and is not verified by checksum or signature.
Rationale
This is not confirmed malware or agent control hijacking: the lifecycle behavior installs the package's own CLI binary from its stated upstream and does not harvest data or mutate foreign agent configuration. It is still suspicious because install-time unverified native binary download plus execution is a real remote-code-execution supply-chain risk.
Evidence
package.jsoninstall.mjsbin/mycelREADME.md
Network endpoints2
api.github.com/repos/rpuneet/mycel/releases/latestgithub.com/rpuneet/mycel/releases/download/v${version}/mycel_${version}_${os}_${arch}.tar.gz
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node install.mjs
- install.mjs downloads a platform tarball from GitHub Releases during install
- install.mjs writes downloaded binary to bin/mycel, chmods it executable, then runs bin/mycel version
- getVersion() prefers GitHub latest release over package.json version, so fetched binary is not pinned to npm version
- No checksum/signature verification is present before executing the downloaded binary
Evidence against
- Network endpoints are package-aligned with repository rpuneet/mycel
- No credential/env/home directory harvesting found
- No writes to Claude/Codex/Cursor/MCP or other foreign AI-agent control surfaces found
- No shell execution; execFileSync invokes only bin/mycel with fixed argument version
- bin/mycel placeholder only prints an install error
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings