AI Security Review
scanned 3h ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The risky lifecycle hook rebuilds better-sqlite3, while network and passphrase paths are explicit runtime CLI features.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install postinstall; explicit usrcp-stream init/serve/sync commands at runtime
Impact
Postinstall may modify dependency build directories; no confirmed exfiltration, persistence, destructive action, or agent control hijack.
Mechanism
native dependency rebuild plus user-invoked encrypted stream server/sync/embedding features
Rationale
Source inspection found a suspicious-looking install hook, but it is scoped to rebuilding a native dependency and does not plant agent instructions, persist, harvest credentials, or contact the network. Runtime network behavior is package-aligned and either localhost, explicitly consented embedding providers, or a user-supplied sync endpoint.
Evidence
- package.json
- dist/index.js
- dist/sync.js
- dist/config-io.js
- dist/embeddings/openai.js
- dist/embeddings/voyage.js
- node_modules/better-sqlite3/build
- node_modules/usrcp-core/node_modules/better-sqlite3/build
- node_modules/usrcp-stream/node_modules/better-sqlite3/build
- stream-config.toml
- stream.db
Network endpoints: 5
- localhost:11434
- api.openai.com/v1/embeddings
- api.voyageai.com/v1/embeddings
- /v1/stream/push
- /v1/stream/pull
Decision evidence
public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json postinstall deletes better-sqlite3 build dirs and runs npm rebuild better-sqlite3.
- dist/index.js reads USRCP_PASSPHRASE/--passphrase for explicit CLI commands.
- dist/sync.js can push encrypted local stream events to a user-supplied endpoint.
Evidence against
- No install-time writes to AI-agent configs, VCS hooks, shell startup files, autostart entries, or foreign control surfaces.
- Postinstall is limited to native dependency rebuild cleanup; no install-time network, credential harvesting, or persistence found.
- dist/index.js serve/sync/init behavior is user-invoked CLI/MCP functionality.
- OpenAI/Voyage embedding calls require init-time provider choice, consent, and API key; Ollama defaults to localhost.
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
HighEntropyStrings, UrlStrings
Source & flagged code
2 flagged
package.json
•scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
Critical
Red Install Lifecycle Script
Install-time lifecycle script matches a deterministic static-gate block pattern.
package.json
•scripts.postinstall = node -e "const fs=require(\"fs\"); for (const p of [\"node_modules/better-sqlite3/build\",\"node_modules/usrcp-core/node_modules/better-sqlite3/build\",\"node_modules/usrcp-stream/...
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
Findings
1 Critical, 1 High, 2 Medium, 4 Low
- Critical: Red Install Lifecycle Script (package.json)
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings
- Low: Url Strings