AI Security Review
scanned 4h ago · by lpm-firewall-ai

Install-time code downloads a native executable from GitHub latest releases into the package directory. This is an unresolved staged native payload risk because the npm tarball does not contain or integrity-pin the executable.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later invokes voinznext CLI
Impact
Remote release asset can define the actual CLI behavior outside the reviewed npm source.
Mechanism
install-time remote binary downloader and CLI spawn wrapper
Attack narrative
On installation, postinstall creates a bin directory, queries the latest GitHub release for VoinzzZ/VoinzNext, downloads the platform-specific release asset, and chmods it. The npm CLI entrypoint later spawns a package-local binary with inherited stdio. The reviewed source does not show data theft or persistence, but the actual executable behavior is deferred to an unpinned remote asset outside the tarball.
Rationale
The package is not confirmed malicious from source inspection, but install-time download of an unpinned native binary means the npm source is only a carrier for unreviewed executable behavior. No concrete credential theft, persistence, destructive behavior, or agent hijack was found in the inspected files.
Evidence
- package.json
- install.js
- cli.js
- bin/voinznext.exe
- bin/voinznext
Network endpoints (2)
- api.github.com/repos/VoinzzZ/VoinzNext/releases/latest
- github.com/VoinzzZ/VoinzNext/releases/download/${version}/${binaryName}
Decision evidence
Public snapshot: AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs install-time postinstall: node install.js
- install.js fetches latest GitHub release metadata during install
- install.js downloads a platform native binary from GitHub releases without checksum or version pin
- cli.js spawns the downloaded package-local binary with user arguments
Evidence against
- Only three package files are present: package.json, install.js, cli.js
- No env/credential harvesting, home-directory access, persistence, destructive file operations, or AI-agent control-surface writes found
- Network endpoints are GitHub repo/release URLs matching the declared project homepage/repository
- Downloaded binary is only executed when the voinznext CLI is invoked, not immediately by install.js
Behavioral surface
- ChildProcess
- Filesystem
- Network
- UrlStrings
Source & flagged code
2 flagged

package.json
- scripts.postinstall = node install.js
High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.

package.json
- scripts.postinstall = node install.js
Medium · Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.

Findings
1 High · 2 Medium · 3 Low
- High · Install Time Lifecycle Scripts · package.json
- Medium · Ambiguous Install Lifecycle Script · package.json
- Medium · Network
- Low · Scripts Present
- Low · Filesystem
- Low · Url Strings