registry  /  octocode-ai  /  3.4.0

octocode-ai@3.4.0

OctoCode - AI-powered development tool

AI Security Review

scanned 3d ago · by lpm-firewall-ai

The package has install-time native-binary setup, but inspected source does not establish a malicious payload. The postinstall appears mismatched or broken, resolving @mimo-ai/mimocode packages while the CLI wrapper expects octocode-ai platform packages.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later invokes octo CLI
Impact
May fail install or launch packaged platform binaries; no confirmed exfiltration, persistence, or agent control hijack.
Mechanism
lifecycle binary resolution/link plus CLI native binary launcher
Rationale
Static inspection confirms suspicious lifecycle/native-binary behavior and a package-name mismatch, but the lifecycle action is confined to the package directory and no concrete malicious source behavior or foreign AI-agent control-surface mutation is present. Treat as warn-level unresolved native/lifecycle risk rather than publish-block malware.
Evidence
package.jsonpostinstall.mjsbin/octobin/octocode.exebin/.mimocode

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node ./postinstall.mjs
  • postinstall.mjs tries to resolve @mimo-ai/mimocode-${platform}-${arch}, which does not match package optionalDependencies octocode-ai-*
  • postinstall.mjs links or copies the resolved binary into package path bin/.mimocode and chmods it
  • Package ships an opaque Windows PE binary at bin/octocode.exe
Evidence against
  • postinstall.mjs only touches its own package directory path bin/.mimocode, not home/project agent control surfaces
  • bin/octo is a user-invoked wrapper that selects optionalDependency octocode-ai-* platform binaries and spawnSyncs them with user arguments
  • No inspected JS modifies shell startup files, VCS hooks, MCP/Claude/Codex/Cursor config, or persistence locations
  • No source-level credential harvesting, destructive behavior, remote download, or exfiltration endpoint found
Behavioral surface
Source
Filesystem
Supply chainNo supply-chain packaging signals triggered.
Manifest
CopyleftLicense
scanned 1 file(s), 2.53 KB of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/octocode.exeView file
path = bin/octocode.exe kind = native_binary sizeBytes = 143351808 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/octocode.exeView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/octocode.exe
LowScripts Present
LowFilesystem
LowCopyleft License