registry  /  @aarvionai/guard  /  0.2.10

@aarvionai/guard@0.2.10

Govern your local OpenClaw with Aarvion

AI Security Review

scanned 3d ago · by lpm-firewall-ai

The CLI fetches and executes an opaque remote binary on first user invocation. The package source does not establish malicious payload behavior, but it delegates execution to an unverified release asset.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `aarvion-guard` or `npx @aarvionai/guard`.
Impact
A compromised release asset or redirected download can execute code with the invoking user's permissions.
Mechanism
runtime download and execution of an unverified platform binary
Rationale
The package has no install-time activation, but its sole CLI behavior executes an unauthenticated remote binary outside the reviewed source. This is a concrete unresolved supply-chain execution risk, not proof of malicious intent.
Evidence
package.jsonbin/aarvion-guard.js~/.aarvion/cache/v0.2.9/aarvion-guard_{darwin|linux}_{amd64|arm64}
Network endpoints1
github.com/Aarvion-AI/aarvion-guard-dist/releases/download/v0.2.9/aarvion-guard_{darwin|linux}_{amd64|arm64}

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/aarvion-guard.js` downloads a platform binary at runtime.
  • The downloaded binary is executed with `spawnSync`.
  • No checksum or signature verification protects the release asset.
  • Redirects are followed before writing the executable cache.
Evidence against
  • `package.json` defines no preinstall, install, or postinstall hook.
  • Network and execution occur only after the user invokes `aarvion-guard`.
  • Inspected shim contains no credential harvesting or outbound data upload.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.03 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
bin/aarvion-guard.jsView file
9const https = require('https') L10: const { spawnSync } = require('child_process') L11:
High
Child Process

Package source references child process execution.

bin/aarvion-guard.jsView on unpkg · L9
78if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) { L79: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}` L80: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`) ... L83: } L84: const r = spawnSync(bin, process.argv.slice(2), { L85: stdio: 'inherit', L86: env: { ...process.env, AARVION_GUARD_CMD: 'npx @aarvionai/guard' }, L87: })
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/aarvion-guard.jsView on unpkg · L78
78if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) { L79: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}` L80: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`) L81: await download(url, bin) ... L83: } L84: const r = spawnSync(bin, process.argv.slice(2), { L85: stdio: 'inherit',
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/aarvion-guard.jsView on unpkg · L78
3L4: // Thin launcher for `npx @aarvionai/guard`: downloads the platform binary from L5: // GitHub Releases into a cache on first use, then execs it with the given args. ... L9: const https = require('https') L10: const { spawnSync } = require('child_process') L11:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/aarvion-guard.jsView on unpkg · L3

Findings

4 High2 Medium2 Low
HighChild Processbin/aarvion-guard.js
HighSame File Env Network Executionbin/aarvion-guard.js
HighCommand Output Exfiltrationbin/aarvion-guard.js
HighRuntime Package Installbin/aarvion-guard.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowUrl Strings