AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface in inspected source. The main risk is package-aligned install-time binary download from GitHub releases, with checksum verification from the same release.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; tacho CLI runs the installed binary
Impact
Installs and executes a project-aligned native tachograph CLI, with residual supply-chain risk from remote release assets but no source-level malicious behavior observed.
Mechanism
postinstall fetches, verifies, extracts, and chmods a platform binary; CLI wrapper spawns it
Rationale
The suspicious lifecycle and child_process findings are explained by a disclosed prebuilt CLI installer and launcher, and the JS source does not collect secrets, modify AI-agent control surfaces at install time, or exfiltrate data. Because the downloaded native binary is not present for inspection, this retains ordinary supply-chain risk but not enough for warn/block on source facts.
Evidence
package.jsoninstall.jsasset.jsbin/tacho.jsREADME.mdbin/tachobin/tacho.exe/tmp/tacho-* archive
Network endpoints2
github.com/kosako/tachograph/releases/download/v0.2.4/tachograph_<platform>_<arch>.<ext>github.com/kosako/tachograph/releases/download/v0.2.4/checksums.txt
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json runs postinstall: node install.js
- install.js downloads a platform archive during install and extracts it with tar
- bin/tacho.js spawns the installed native tacho/tacho.exe binary
Evidence against
- install.js downloads only GitHub release assets under kosako/tachograph for this package version
- install.js verifies the archive SHA256 against the release checksums.txt before extraction
- No env/credential harvesting, persistence, destructive project writes, or exfiltration code found in JS sources
- README.md discloses the postinstall prebuilt-binary download behavior
- CLI execution is user-invoked via bin/tacho.js and only forwards arguments/stdio
Behavioral surface
ChildProcessCryptoFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings