AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation automatically retrieves an unsigned platform-native archive and executes its binary for a version check. The CLI repeats the remote-binary download and execution path when no cached or companion binary exists. No source evidence shows credential theft, AI-agent control-surface mutation, or destructive behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; explicit `teleforge` invocation when the local binary is absent
Impact
A compromised release asset or unrestricted redirect target can execute arbitrary native code under the installing user's account.
Mechanism
remote release archive download, extraction, package-local binary replacement, and native process execution
Rationale
Source inspection confirms an install-time remote native payload execution chain with inadequate integrity validation. The available source does not establish malicious intent or a concrete harmful payload, so warning is proportionate rather than blocking.
Evidence
package.jsonscript/postinstall.mjsbin/teleforge.teleforge.teleforge-version
Network endpoints2
github.com/TELEFORGEAI/TELEFORGEE/releases/download/v${version}/${zipName}github.com/TELEFORGEAI/TELEFORGEE/releases/download/v1.0.27/${assetName}
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node ./script/postinstall.mjs` on install.
- `script/postinstall.mjs` downloads a GitHub release archive, extracts it, and writes `.teleforge`.
- Postinstall executes the downloaded `.teleforge --version`; version text is the only validation.
- HTTP redirects are followed without restricting the destination host.
- `bin/teleforge` can also download, extract, chmod, and execute a release binary.
Evidence against
- Network URL is fixed to the package-aligned `TELEFORGEAI/TELEFORGEE` GitHub repository.
- Inspected scripts contain no credential harvesting, data exfiltration, agent-config writes, eval, or destructive project-wide actions.
- Writes are limited to package-local `.teleforge` and `.teleforge-version` plus temporary directories.
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./script/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./script/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings