AI Security Review
scanned 4h ago · by lpm-firewall-ai
The package is a lifecycle-triggered remote binary downloader. It pulls the latest GitHub release asset at install time and stores it as an executable for later CLI invocation.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later invokes voinznext CLI
Impact
Because the download targets the latest release rather than a tag tied to the published npm version, the release contents can change independently of the npm package; whatever the release serves becomes the executed CLI payload, and no checksum is validated.
Mechanism
unpinned install-time binary download
Attack narrative
On install, install.js creates a bin directory, queries GitHub for the latest release tag, downloads the platform-specific binary asset for that tag, writes it as bin/voinznext.exe, and marks it executable on non-Windows. When the user later runs voinznext, the CLI wrapper spawns that local binary path. The reviewed source shows neither exfiltration nor install-time execution of the binary, but an unpinned, unverified remote executable is a staged-payload risk: anyone able to publish a new release under the repository (for example through a compromised maintainer account) replaces the binary that every subsequent install fetches, with no change to the npm package or its version.
Rationale
Static source inspection confirms an install-time, unpinned remote executable download with no checksum verification, which is risky but not enough by itself to prove malicious behavior. No concrete data theft, persistence, destructive action, or agent hijack behavior was present in the reviewed package source.
Evidence
- package.json
- install.js
- cli.js
- bin/voinznext.exe
Network endpoints (2)
- api.github.com/repos/VoinzzZ/VoinzNext/releases/latest
- github.com/VoinzzZ/VoinzNext/releases/download/${version}/${binaryName}
Decision evidence
public snapshot: AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node install.js
- install.js fetches latest release metadata from api.github.com during install
- install.js downloads a platform binary from github.com releases without pinning or checksum verification
- install.js writes the downloaded executable under bin/voinznext.exe and chmods it executable on non-Windows
- cli.js later spawns the downloaded local binary with inherited stdio
Evidence against
- No credential/env harvesting found in package source
- No persistence, destructive behavior, eval/vm/Function, or AI-agent control-surface writes found
- Network endpoints are package GitHub release endpoints, not obvious exfiltration endpoints
- Downloaded binary is not executed by postinstall in reviewed source
Behavioral surface
- ChildProcess
- Filesystem
- Network
- UrlStrings
Source & flagged code
2 flagged in package.json:
- scripts.postinstall = node install.js
  High · Install Time Lifecycle Scripts: package defines install-time lifecycle scripts.
- scripts.postinstall = node install.js
  Medium · Ambiguous Install Lifecycle Script: install-time lifecycle script is not statically allowlisted and needs review.
Findings
1 High · 2 Medium · 3 Low
- High · Install Time Lifecycle Scripts · package.json
- Medium · Ambiguous Install Lifecycle Script · package.json
- Medium · Network
- Low · Scripts Present
- Low · Filesystem
- Low · Url Strings