AI Security Review
scanned 3h ago · by lpm-firewall-aiThe package is a JavaScript wrapper/downloader for a native Teleforge CLI binary. Risk remains because install-time code fetches a separate platform package and drops an executable not present in this tarball.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; teleforge CLI invocation can also download and run the binary
Impact
Executes a native binary obtained from npm platform packages or GitHub releases; source package itself shows no exfiltration or control-surface hijack.
Mechanism
platform binary downloader and executable launcher
Rationale
Static inspection found a real staged native-binary download/execute path, including install-time executable creation, but no source evidence of credential theft, destructive behavior, stealth persistence, or AI-agent control hijack. This should warn rather than block because the behavior is package-aligned yet the executable payload is outside the reviewed source tarball.
Evidence
package.jsonscript/postinstall.mjsbin/teleforgeREADME.md.teleforge/tmp/teleforge-install-*/tmp/teleforge-dl-*node_modules/teleforge-<platform>-<arch>/bin/teleforge
Network endpoints1
github.com/TELEFORGEAI/TELEFORGE/releases/download/v1.0.3/<asset>
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node ./script/postinstall.mjs
- script/postinstall.mjs invokes npm install for platform package teleforge-<platform>-<arch>@1.0.4 during install
- script/postinstall.mjs copies/links downloaded binary to .teleforge and chmods it executable
- bin/teleforge downloads release archives from GitHub and extracts/runs a cached .teleforge binary when invoked
- bin/teleforge uses tar/PowerShell extraction and child_process.spawn to execute the native binary
Evidence against
- No credential, environment, SSH, or home-directory harvesting found in package source
- No AI-agent configuration or foreign control-surface writes found
- Postinstall package selection is derived from OS/CPU only, not attacker/user-controlled arguments
- Network activity is package-aligned binary acquisition for the Teleforge CLI
- No destructive persistence beyond cached project package binary .teleforge was observed
Behavioral surface
ChildProcessFilesystemShell
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./script/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./script/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High1 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowFilesystem