AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Install-time native dependency rebuild is present but scoped to better-sqlite3; runtime file and network behavior is package-aligned encrypted ledger, pairing, and identity rotation functionality.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; runtime APIs run only when imported functions/classes are called
Impact
Local ~/.usrcp key/ledger files may be created or updated by explicit runtime use; pairing/rotation may contact caller-provided endpoints.
Mechanism
native dependency rebuild plus user-invoked encrypted ledger/pairing operations
Rationale
Static source inspection shows suspicious primitives are aligned with a crypto/SQLite ledger package: install rebuilds a declared native dependency, and runtime network/file operations require explicit API calls and caller-provided endpoints. I found no concrete unconsented exfiltration, persistence, destructive behavior, or AI-agent control-surface mutation.
Evidence
package.jsondist/index.jsdist/encryption.jsdist/crypto.jsdist/pair.jsdist/rotate-identity.jsdist/ledger/core.jsdist/ledger/keys.jsnode_modules/better-sqlite3/build~/.usrcp/users/<slug>/keys/*~/.usrcp/users/<slug>/ledger.db~/.usrcp/MIGRATED.md
Network endpoints5
opts.endpoint/v1/pairing/initopts.endpoint/v1/pairing/claim/{code}opts.endpoint/v1/pairing/listopts.endpoint/v1/pairing/{code}opts.endpoint/v1/rotate-identity
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json has postinstall that removes node_modules/better-sqlite3/build and runs npm rebuild better-sqlite3.
- dist/pair.js and dist/rotate-identity.js make user-invoked fetch calls to caller-provided opts.endpoint paths.
Evidence against
- dist/index.js only re-exports package modules; no import-time exfiltration or shell execution found.
- postinstall action is scoped to rebuilding declared dependency better-sqlite3, not arbitrary files or network endpoints.
- dist/encryption.js, dist/crypto.js, and dist/ledger/* implement local encrypted ledger/key storage under ~/.usrcp.
- No hardcoded exfiltration host, credential harvesting loop, eval/vm/Function, or child_process use found.
- Network use is package-aligned pairing/identity API calls requiring caller-supplied endpoint and invocation.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
HighEntropyStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node -e "const fs=require('fs'); for (const p of ['node_modules/better-sqlite3/build']) fs.rmSync(p,{recursive:true,force:true})" && npm rebuild better-sqlite3
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.jsonView on unpkg•scripts.postinstall = node -e "const fs=require('fs'); for (const p of ['node_modules/better-sqlite3/build']) fs.rmSync(p,{recursive:true,force:true})" && npm rebuild better-sqlite3
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgFindings
1 Critical1 High1 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings