AI Security Review
scanned 2h ago · by lpm-firewall-aiAn explicit CLI invocation downloads and executes an unsigned native binary. The JavaScript shim provides no integrity verification, so compromise of the release asset or redirect chain can execute code as the invoking user.
Decision evidence
public snapshot- `bin/aarvion-guard.js` downloads a platform executable at runtime.
- The download lacks a checksum, signature, or pinned content digest.
- Redirect targets are followed without host validation.
- The cached downloaded binary is chmodded executable and run via `spawnSync`.
- It writes a persistent executable cache under `~/.aarvion/cache/v0.2.16`.
- `package.json` contains no preinstall, install, postinstall, or prepare hook.
- Network and execution occur only when the user invokes `aarvion-guard`/`npx`.
- The inspected JavaScript does not harvest credentials, read arbitrary user files, or exfiltrate command output.
- No foreign AI-agent control-surface mutation appears in the packaged source.
Source & flagged code
4 flagged · loading sourcePackage source references child process execution.
bin/aarvion-guard.jsView on unpkg · L9A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/aarvion-guard.jsView on unpkg · L78Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
bin/aarvion-guard.jsView on unpkg · L78Package source invokes a package manager install command at runtime.
bin/aarvion-guard.jsView on unpkg · L3