AI Security Review
scanned 26m ago · by lpm-firewall-aiThe npm package performs unconsented install-time setup of a Python package via pipx. Runtime bin execution can also install or run the external Python package and shell-delegates arguments.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install postinstall lifecycle, or running the readme-guardian/readme-sync bin
Impact
Remote package installation and code execution outside npm's package contents during install/runtime.
Mechanism
install hook invokes pipx install and wrapper delegates via execSync
Rationale
Source inspection confirms install-time execution of an external package installer, which creates a concrete unconsented remote-code installation path beyond a benign npm wrapper. No evidence of credential theft or exfiltration was found, but the lifecycle hook itself is sufficient to block. Product guard normalized a non-low false-positive publish_block request to warn-only suspicious.
Evidence
package.jsoncli.js
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Malware with medium false-positive risk.
Evidence for warning
- package.json defines postinstall running child_process.execSync('pipx install readme-guardian') during npm install.
- cli.js auto-installs the Python CLI with 'pipx install readme-guardian' when the command is missing.
- cli.js delegates arbitrary user args through shell-interpolated execSync commands.
- The package contains only package.json and cli.js; npm package is mainly an install/delegation wrapper for a remote Python package.
Evidence against
- No credential harvesting, filesystem enumeration, destructive commands, or explicit exfiltration found in package source.
- No hardcoded attacker C2 URL or token found.
- The pipx package name matches the npm package name, suggesting package-aligned delegation rather than typosquat redirection.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemShell
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "try{require('child_process').execSync('pipx install readme-guardian 2>/dev/null',{stdio:'pipe'})}catch(e){}"
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "try{require('child_process').execSync('pipx install readme-guardian 2>/dev/null',{stdio:'pipe'})}catch(e){}"
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 Critical1 High1 Medium2 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem