registry  /  @aarvionai/guard  /  0.2.17

@aarvionai/guard@0.2.17

Govern your local OpenClaw with Aarvion

AI Security Review

scanned 2h ago · by lpm-firewall-ai

An explicit CLI invocation downloads and executes an unsigned native binary. The JavaScript shim provides no integrity verification, so compromise of the release asset or redirect chain can execute code as the invoking user.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `aarvion-guard` or `npx @aarvionai/guard`.
Impact
Arbitrary code execution as the invoking user if the fetched asset or redirect target is malicious.
Mechanism
Runtime remote native-binary download, cache, chmod, and execution.
Rationale
The source is not concrete malware, but it fetches and executes an unverified remote binary at runtime. This warrants a warning rather than a block because execution is user-invoked and no lifecycle hook or explicit malicious behavior is present.
Evidence
package.jsonbin/aarvion-guard.js~/.aarvion/cache/v0.2.16/aarvion-guard_${os}_${arch}
Network endpoints1
github.com/Aarvion-AI/aarvion-guard-dist/releases/download/v0.2.16/aarvion-guard_${os}_${arch}

Decision evidence

public snapshot
AI called this Suspicious at 93.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `bin/aarvion-guard.js` downloads a platform executable at runtime.
  • The download lacks a checksum, signature, or pinned content digest.
  • Redirect targets are followed without host validation.
  • The cached downloaded binary is chmodded executable and run via `spawnSync`.
  • It writes a persistent executable cache under `~/.aarvion/cache/v0.2.16`.
Evidence against
  • `package.json` contains no preinstall, install, postinstall, or prepare hook.
  • Network and execution occur only when the user invokes `aarvion-guard`/`npx`.
  • The inspected JavaScript does not harvest credentials, read arbitrary user files, or exfiltrate command output.
  • No foreign AI-agent control-surface mutation appears in the packaged source.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.03 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
bin/aarvion-guard.jsView file
9const https = require('https') L10: const { spawnSync } = require('child_process') L11:
High
Child Process

Package source references child process execution.

bin/aarvion-guard.jsView on unpkg · L9
78if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) { L79: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}` L80: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`) ... L83: } L84: const r = spawnSync(bin, process.argv.slice(2), { L85: stdio: 'inherit', L86: env: { ...process.env, AARVION_GUARD_CMD: 'npx @aarvionai/guard' }, L87: })
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/aarvion-guard.jsView on unpkg · L78
78if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) { L79: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}` L80: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`) L81: await download(url, bin) ... L83: } L84: const r = spawnSync(bin, process.argv.slice(2), { L85: stdio: 'inherit',
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/aarvion-guard.jsView on unpkg · L78
3L4: // Thin launcher for `npx @aarvionai/guard`: downloads the platform binary from L5: // GitHub Releases into a cache on first use, then execs it with the given args. ... L9: const https = require('https') L10: const { spawnSync } = require('child_process') L11:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/aarvion-guard.jsView on unpkg · L3

Findings

4 High2 Medium2 Low
HighChild Processbin/aarvion-guard.js
HighSame File Env Network Executionbin/aarvion-guard.js
HighCommand Output Exfiltrationbin/aarvion-guard.js
HighRuntime Package Installbin/aarvion-guard.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowUrl Strings