AI Security Review
scanned 2d ago · by lpm-firewall-aiThe package has an install hook that performs local native-binary setup, but it writes only inside the installed package directory. The main risk is suspicious/broken lifecycle behavior referencing undeclared @mimo-ai packages rather than confirmed malware.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user running octo invokes bin/octo
Impact
Possible install failure or unexpected local binary selection if matching undeclared @mimo-ai package exists; no confirmed exfiltration or persistence
Mechanism
install-time native binary link/copy and runtime CLI shim spawn
Attack narrative
On install, postinstall.mjs detects platform/arch and tries to locate @mimo-ai/mimocode-${platform}-${arch}, then hardlinks or copies its binary into bin/.mimocode and chmods it. That target is not declared in package.json and is not used by bin/octo, which instead resolves octocode-ai platform packages and spawns the selected binary when the CLI is run. This is suspicious package-quality and lifecycle behavior, but source inspection did not find exfiltration, persistence, foreign agent-control writes, or install-time execution of the copied binary.
Rationale
Static inspection shows a suspicious, likely erroneous install hook that references undeclared @mimo-ai native packages, but no concrete malicious behavior or unconsented foreign control-surface mutation. Downgrade to warn for unresolved install-hook/native-binary risk rather than block.
Evidence
package.jsonpostinstall.mjsbin/octobin/.mimocode/proc/cpuinfo/etc/alpine-release
Network endpoints2
github.com/farhanic017/octocodegit+https://github.com/farhanic017/octocode.git
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./postinstall.mjs
- postinstall.mjs attempts to resolve undeclared @mimo-ai/mimocode-${platform}-${arch} package
- postinstall.mjs links/copies a native binary into bin/.mimocode during install
- bin/octo honors MIMOCODE_BIN_PATH and spawnSyncs that path with user CLI args
Evidence against
- No install-time network access found
- No credential/env harvesting beyond MIMOCODE_BIN_PATH override
- No writes to home/project AI-agent control surfaces found
- bin/octo resolves package-aligned octocode-ai platform optional dependencies at user-invoked runtime
- No destructive filesystem behavior found
Behavioral surface
Filesystem
CopyleftLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High1 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowFilesystem
LowCopyleft License