AI Security Review
scanned 3h ago · by lpm-firewall-aiThe main risk is install-time scanning of the installing project and local file writes, which is surprising but package-aligned. No confirmed malicious exfiltration or foreign control-surface mutation is present in inspected source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs package postinstall; CLI commands run by user
Impact
May read project files through scanner dependencies and write local Verglos config/reports/cache; no confirmed attack behavior in package source.
Mechanism
install-time project scan plus local config/cache writes; optional license unlock request
Rationale
Postinstall project scanning and local writes justify a warning, but inspected source does not show malware, destructive behavior, hidden credential theft, remote payload execution, or AI-agent control hijack. The network behavior is first-party license activation and the git hook is explicit user-command setup.
Evidence
package.jsonscripts/postinstall.jsdist/scan.jsdist/config.jsdist/credentials.jsdist/index.jsdist/fix.js.verglos.config.js~/.verglos/credentials.json~/.verglos/last-score.json.git/hooks/pre-commit
Network endpoints1
verglos.com/api/license/unlock
Decision evidence
public snapshotAI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.js
- scripts/postinstall.js runs executeScan on INIT_CWD/process.cwd during npm install unless VERGLOS_SKIP_POSTINSTALL=1
- dist/scan.js calls runScan on projectRoot and writeReports, then saves last score
- dist/config.js writes .verglos.config.js if missing
- dist/credentials.js can POST licenseKey, fingerprint, and machineId to https://verglos.com/api/license/unlock when prior credentials exist
- dist/config.js installs .git/hooks/pre-commit only through explicit verglos hook command
Evidence against
- Behavior is aligned with a security scanner CLI package
- No child_process, eval, native binary loading, destructive file operations, or hidden persistence found in package source
- Network endpoint is package-aligned and limited to license unlock flow
- Pre-commit hook setup is user-invoked, not postinstall-triggered
- Credential writes are under package-owned ~/.verglos files
- No evidence of AI-agent control-surface mutation or prompt injection files
Behavioral surface
CryptoDynamicRequireEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgdist/config.jsView file
3import { DEFAULT_CONFIG } from "@verglos/shared";
L4: const CONFIG_TEMPLATE = `/** @type {import('@verglos/shared').VerglosConfig} */
L5: module.exports = ${JSON.stringify(DEFAULT_CONFIG, null, 2)};
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/config.jsView on unpkg · L3Findings
1 High4 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/config.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings