AI Security Review
scanned 2h ago · by lpm-firewall-ai

The package is a JS launcher/installer for an external Relay binary. Risk is unresolved because npm postinstall fetches and installs an executable from GitHub releases, but the inspected JS does not show malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, or relay CLI execution
Impact
Installs an opaque executable into the user's cache and later runs it when the relay bin is invoked.
Mechanism
install-time remote binary download and CLI spawn
Rationale
This is not confirmed malicious from source inspection, but install-time acquisition of an opaque native executable is a real unresolved supply-chain risk. The behavior appears package-aligned and checksum-guarded, so warn rather than block.
Evidence
- package.json
- bin/install.js
- bin/lib.js
- bin/run.js
- ~/Library/Caches/relay/bin/relay
- ~/.cache/relay/bin/relay
- %LOCALAPPDATA%/Relay/bin/relay.exe
- <cache>/version.txt
- <cache>/bin/relay_{version}_{os}_{arch}.{tar.gz|zip}
Network endpoints (4)
- github.com/valtors/relay/releases/download/v{version}/checksums.txt
- github.com/valtors/relay/releases/download/v{version}/relay_{version}_{os}_{arch}.{tar.gz|zip}
- api.github.com/repos/valtors/relay/releases/latest
- github.com/valtors/relay/releases/tag/v{version}
Decision evidence
public snapshot
AI called this Suspicious at 78.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node ./bin/install.js.
- bin/install.js downloads GitHub release archive and checksums.txt during install.
- bin/install.js extracts relay/relay.exe into user cache and chmods it executable.
- bin/run.js spawns the cached or fallback binary with user CLI args.
- Only JS launcher source is present; downloaded native binary contents are not inspectable in package.
Evidence against
- Network endpoints are package-aligned to valtors/relay GitHub releases/API.
- Checksum verification is implemented before replacing cached binary.
- No credential harvesting, broad file scanning, agent config mutation, or exfiltration code found in JS source.
- No eval/vm/Function or dynamic require/import found.
- Writes are limited to Relay cache/version/archive paths derived from OS cache dirs.
Behavioral surface
- Child Process
- Crypto
- Environment Vars
- Filesystem
- Network
- Url Strings
Source & flagged code
2 flagged
package.json
• scripts.postinstall = node ./bin/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node ./bin/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 3 Medium · 3 Low
- High · Install Time Lifecycle Scripts · package.json
- Medium · Ambiguous Install Lifecycle Script · package.json
- Medium · Network
- Medium · Environment Vars
- Low · Scripts Present
- Low · Filesystem
- Low · Url Strings