AI Security Review
scanned 8d ago · by lpm-firewall-aiThe package has an install-time remote binary fetch, but the endpoint is package-owned and checksum-verified. No confirmed malicious behavior is present in the inspected JavaScript source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking tacho runs the downloaded binary
Impact
Remote native binary is installed for later execution; no source-confirmed exfiltration or control-surface mutation.
Mechanism
package-aligned prebuilt binary installer and CLI launcher
Rationale
Static inspection found a disclosed, package-aligned postinstall that downloads and verifies a native CLI binary, plus a wrapper that executes it only when the CLI is invoked. Because the binary payload is remote and not present for source review, this is a warn-level remote binary install risk rather than confirmed malware.
Evidence
package.jsoninstall.jsasset.jsbin/tacho.jsREADME.mdbin/tachobin/tacho.exe/tmp/tacho-*
Network endpoints2
github.com/kosako/tachograph/releases/download/v0.2.5/<asset>github.com/kosako/tachograph/releases/download/v0.2.5/checksums.txt
Decision evidence
public snapshotAI called this Suspicious at 72.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node install.js.
- install.js fetches a platform archive and checksums.txt from GitHub releases at install time.
- install.js extracts the downloaded archive into bin/ and chmods the resulting tacho binary.
- bin/tacho.js later executes bin/tacho via child_process.spawnSync with user args.
Evidence against
- install.js downloads only package-aligned assets under github.com/kosako/tachograph/releases/download/v0.2.5/.
- install.js verifies the archive SHA-256 against the release checksums before extraction.
- No source evidence of credential harvesting, home/project agent config writes, persistence, or destructive behavior.
- README discloses the prebuilt binary download and shows Claude setup as a user-invoked CLI command.
Behavioral surface
ChildProcessCryptoFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings