AI Security Review
scanned 3h ago · by lpm-firewall-ai
The package has an install-time remote binary downloader. The downloaded executable is mutable via GitHub latest release and is not integrity checked, but source inspection did not show credential theft, persistence, or agent control hijack.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs voinznext CLI
Impact
Remote release asset could change independently of the npm tarball and later execute under the user's account when the CLI is invoked.
Mechanism
unverified install-time binary download and CLI spawn wrapper
Attack narrative
On install, package.json invokes install.js, which asks GitHub for the latest VoinzNext release and downloads a platform-specific executable from that release into bin/ without verifying a checksum or pinning to npm version 0.2.1. cli.js later spawns the packaged binary with inherited stdio. This is a real supply-chain risk (a staged-executable carrier pattern), but the inspected source does not show concrete malicious behavior such as exfiltration, persistence, destructive activity, or AI-agent control hijacking.
Rationale
Source inspection confirms an unverified remote binary download during postinstall, making the package risky enough to warn. No concrete malicious payload behavior is present in the npm source, and endpoints are aligned with the declared project repository, so publish blocking is not justified from these files alone.
Evidence
- package.json
- install.js
- cli.js
- bin/voinznext.exe
- bin/voinznext
Network endpoints (2)
- api.github.com/repos/VoinzzZ/VoinzNext/releases/latest
- github.com/VoinzzZ/VoinzNext/releases/download/${version}/${binaryName}
Decision evidence
public snapshot
AI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node install.js
- install.js fetches https://api.github.com/repos/VoinzzZ/VoinzNext/releases/latest at install time
- install.js downloads a platform binary from GitHub releases without checksum/signature verification
- install.js writes downloaded executable into package bin/ and chmods it executable
- cli.js spawns the downloaded bin with inherited stdio when user runs voinznext
Evidence against
- Only three package files are present: package.json, install.js, cli.js
- No credential/env harvesting, home directory traversal, persistence, destructive actions, or AI-agent control-surface writes found
- Network endpoints are package-aligned with declared repository/homepage
- Downloaded binary is invoked by CLI use, not automatically executed by postinstall
- Non-Windows install appears to write bin/voinznext.exe while cli.js expects bin/voinznext, suggesting broken packaging rather than stealth
Behavioral surface
ChildProcess · Filesystem · Network
Url Strings
Source & flagged code
2 flagged · package.json
• scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
• scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High · 2 Medium · 3 Low
High · Install Time Lifecycle Scripts · package.json
Medium · Ambiguous Install Lifecycle Script · package.json
Medium · Network
Low · Scripts Present
Low · Filesystem
Low · Url Strings