AI Security Review
scanned 2d ago · by lpm-firewall-aiThe package has an install-time fallback downloader for its own native CLI binary, with a base URL override via environment variable. No confirmed malicious behavior or unconsented mutation of external agent control surfaces was found.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; runtime when openwork CLI is invoked
Impact
Installs or runs the package's platform-specific openwork binary
Mechanism
platform binary resolution and fallback download
Rationale
Static source inspection shows a conventional native-binary wrapper package: postinstall verifies optional platform packages and downloads a same-version fallback binary into its own package directory if needed. The network and process execution primitives are package-aligned, user/install triggered, and no concrete attack surface such as exfiltration, persistence, or AI-agent control hijack is present.
Evidence
package.jsonpostinstall.mjsbin/openworkdist/bin/openworkdist/bin/openwork.exe
Network endpoints1
github.com/different-ai/openwork/releases/download/openwork-orchestrator-v${version}/${asset}
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall hook: node ./postinstall.mjs
- postinstall.mjs downloads a platform fallback binary from GitHub releases if optional platform package is absent
- postinstall.mjs permits OPENWORK_ORCHESTRATOR_DOWNLOAD_BASE_URL override for fallback binary source
- bin/openwork executes platform binary or OPENWORK_ORCHESTRATOR_BIN_PATH override when user invokes CLI
Evidence against
- No writes to foreign AI-agent control surfaces, shell startup files, VCS hooks, or OS persistence paths observed
- Install hook only verifies optional platform package or writes fallback binary under package dist/bin
- Network endpoint is package-aligned GitHub release URL for same version
- No credential harvesting, filesystem enumeration, destructive behavior, or exfiltration observed in inspected JS files
Behavioral surface
EnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings