registry  /  vallum  /  0.8.4

vallum@0.8.4

Security boundary between AI coding agents and your shell — redacts secrets, neutralizes prompt injection, sanitizes untrusted terminal output, audits every command.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Npm installation downloads and unpacks a native release artifact into the package directory. The payload is not integrity-verified by the installer and can later execute when the CLI is invoked.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` activates `postinstall`; invoking `vallum` activates the unpacked binary.
Impact
A compromised release or redirect target could place a native executable that runs under the CLI user's account.
Mechanism
install-time remote native-binary retrieval and extraction
Rationale
This is a package-aligned native-binary installer, not confirmed malicious source behavior. Its unverified install-time remote payload makes it an unresolved staged-payload risk that warrants a warning.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-vallum.jsREADME.mdnode_modules/.bin_real
Network endpoints1
github.com/kahramanemir/Vallum/releases/download/v0.8.4

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node ./install.js` as `postinstall`.
  • `install.js` invokes the native-binary installer during dependency installation.
  • `binary-install.js` downloads, extracts, and stores a platform binary without checksum or signature verification.
  • `binary-install.js` follows redirects without restricting the final download host.
Evidence against
  • `binary.js` constructs artifacts from the pinned GitHub release base and declared platform filenames.
  • JS source uses environment variables only for proxy selection; no credential harvesting or exfiltration found.
  • No JS writes AI-agent configuration or executes the downloaded binary until the user invokes the `vallum` CLI.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 13.4 KB of source, external domains: example.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
README.mdView file
| **Injection defense** | Neutralizes "ignore previous instructions"-style text in five languages, then wraps the output in untrusted-data markers so it can't hijack the agent. |
High
Ai Reviewer Manipulation

Package text addresses the security reviewer or scanner and tries to influence the review outcome.

README.mdView on unpkg

Findings

2 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighAi Reviewer ManipulationREADME.md
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings