AI Security Review
scanned 3d ago · by lpm-firewall-aiThe package has install-time native-binary setup, but inspected source does not establish a malicious payload. The postinstall appears mismatched or broken, resolving @mimo-ai/mimocode packages while the CLI wrapper expects octocode-ai platform packages.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later invokes octo CLI
Impact
May fail install or launch packaged platform binaries; no confirmed exfiltration, persistence, or agent control hijack.
Mechanism
lifecycle binary resolution/link plus CLI native binary launcher
Rationale
Static inspection confirms suspicious lifecycle/native-binary behavior and a package-name mismatch, but the lifecycle action is confined to the package directory and no concrete malicious source behavior or foreign AI-agent control-surface mutation is present. Treat as warn-level unresolved native/lifecycle risk rather than publish-block malware.
Evidence
package.jsonpostinstall.mjsbin/octobin/octocode.exebin/.mimocode
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node ./postinstall.mjs
- postinstall.mjs tries to resolve @mimo-ai/mimocode-${platform}-${arch}, which does not match package optionalDependencies octocode-ai-*
- postinstall.mjs links or copies the resolved binary into package path bin/.mimocode and chmods it
- Package ships an opaque Windows PE binary at bin/octocode.exe
Evidence against
- postinstall.mjs only touches its own package directory path bin/.mimocode, not home/project agent control surfaces
- bin/octo is a user-invoked wrapper that selects optionalDependency octocode-ai-* platform binaries and spawnSyncs them with user arguments
- No inspected JS modifies shell startup files, VCS hooks, MCP/Claude/Codex/Cursor config, or persistence locations
- No source-level credential harvesting, destructive behavior, remote download, or exfiltration endpoint found
Behavioral surface
Filesystem
CopyleftLicense
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/octocode.exeView file
•path = bin/octocode.exe
kind = native_binary
sizeBytes = 143351808
magicHex = [redacted]
Medium
Findings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/octocode.exe
LowScripts Present
LowFilesystem
LowCopyleft License