AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface in the npm source. The install hook fetches and extracts a package-aligned prebuilt CLI binary, which is common but not independently verified by source inspection.
Decision evidence
public snapshot- package.json defines postinstall: node ./install.js
- binary-install.js downloads a platform tarball from GitHub releases during install and extracts it
- binary-install.js runs tar/unzip/powershell and later spawnSyncs the installed vallum binary
- install.js only calls package-owned binary installer
- download URL is package-aligned: github.com/kahramanemir/Vallum/releases/download/v0.5.1
- installer writes only under package node_modules/.bin_real, not home/project AI agent config
- run-vallum.js is a user-invoked bin wrapper for the installed vallum binary
- README Claude hook writes are documented user-invoked vallum install-hook behavior, not npm lifecycle behavior
- README prompt-injection phrases are product documentation examples, not reviewer instructions
Source & flagged code
3 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage text addresses the security reviewer or scanner and tries to influence the review outcome.
README.mdView on unpkg