AI Security Review
scanned 8h ago · by lpm-firewall-ai
The package has an install-time executable replacement path: postinstall fetches a platform binary and installs it as bin/xei. This is package-aligned but lacks integrity verification, leaving supply-chain risk without confirmed malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install / postinstall
Impact
Runs a downloaded terminal editor binary when the user invokes xei; the install step can replace the packaged binary with remote release content.
Mechanism
install-time native binary download and chmod
Attack narrative
On installation, npm runs install.js, which removes the existing bin/xei, downloads a platform-specific gzipped executable from the project's GitHub release, decompresses it into bin/xei, and marks it executable. The behavior is consistent with distributing a Rust CLI editor, but the remote binary is not checksum-verified.
Rationale
Static inspection found a real install-time native binary download with no integrity check, which is risky enough to warn but remains package-aligned and lacks concrete malicious actions. No exfiltration, persistence, AI-agent hijack, or unrelated network/control behavior was found.
Evidence
- package.json
- install.js
- bin/xei
- README.md
Network endpoints (1)
github.com/stremtec/xei/releases/download/v0.3.0/xei-${target}${EXE}.gz
Decision evidence
public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node install.js
- install.js downloads a gzipped executable during install from GitHub releases and writes bin/xei
- install.js follows redirects and does not verify checksum/signature before chmod 755
- Package also ships native Mach-O executable at bin/xei
Evidence against
- Download URL is package-aligned: github.com/stremtec/xei releases v0.3.0
- README documents xei as a Rust terminal editor and bin/xei strings match editor commands/themes
- No evidence of credential harvesting, AI-agent control-surface writes, persistence hooks, or destructive install behavior
- Only network endpoint found in install code is the package release host
Behavioral surface
- Filesystem
- Network
- Url Strings
Source & flagged code
3 flagged
package.json
- scripts.postinstall = node install.js
High · Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- scripts.postinstall = node install.js
Medium · Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
bin/xei
- path = bin/xei
- kind = native_binary
- sizeBytes = 989520
- magicHex = [redacted]
Medium
Findings
1 High · 3 Medium · 3 Low
- High · Install Time Lifecycle Scripts · package.json
- Medium · Ambiguous Install Lifecycle Script · package.json
- Medium · Network
- Medium · Ships Native Binary · bin/xei
- Low · Scripts Present
- Low · Filesystem
- Low · Url Strings