registry  /  @aarvionai/guard  /  0.2.22

@aarvionai/guard@0.2.22

Govern your local OpenClaw with Aarvion

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The user-invoked CLI downloads and executes an opaque native binary. The JavaScript shim itself has no confirmed credential theft, persistence, or destructive action.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `aarvion-guard` or `npx @aarvionai/guard`.
Impact
A compromised release asset or redirect target could execute arbitrary code as the invoking user.
Mechanism
Remote binary download to a home-directory cache followed by native execution.
Rationale
No concrete malicious behavior appears in the inspected JavaScript, and it has no install hook. However, it executes a remotely fetched native payload without integrity verification, creating a material unresolved supply-chain execution risk.
Evidence
package.jsonbin/aarvion-guard.js~/.aarvion/cache/v0.2.21/aarvion-guard_${platform}_${arch}
Network endpoints1
github.com/Aarvion-AI/aarvion-guard-dist/releases/download/v0.2.21/aarvion-guard_${platform}_${arch}

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/aarvion-guard.js` downloads a platform binary at runtime.
  • The downloaded binary is executed via `spawnSync`.
  • No checksum or signature verification is present.
  • Redirect locations are followed before execution.
Evidence against
  • `package.json` defines no lifecycle scripts.
  • Execution occurs only when the `aarvion-guard` CLI is invoked.
  • Download target is a package-aligned GitHub Releases repository.
  • Source does not harvest files, secrets, or send command output externally.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 3.03 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
bin/aarvion-guard.jsView file
9const https = require('https') L10: const { spawnSync } = require('child_process') L11:
High
Child Process

Package source references child process execution.

bin/aarvion-guard.jsView on unpkg · L9
78if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) { L79: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}` L80: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`) ... L83: } L84: const r = spawnSync(bin, process.argv.slice(2), { L85: stdio: 'inherit', L86: env: { ...process.env, AARVION_GUARD_CMD: 'npx @aarvionai/guard' }, L87: })
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/aarvion-guard.jsView on unpkg · L78
78if (!fs.existsSync(bin) || fs.statSync(bin).size < 1_000_000) { L79: const url = `https://github.com/${REPO}/releases/download/${BINARY_TAG}/${name}` L80: process.stderr.write(`downloading aarvion-guard ${BINARY_TAG}...\n`) L81: await download(url, bin) ... L83: } L84: const r = spawnSync(bin, process.argv.slice(2), { L85: stdio: 'inherit',
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

bin/aarvion-guard.jsView on unpkg · L78
3L4: // Thin launcher for `npx @aarvionai/guard`: downloads the platform binary from L5: // GitHub Releases into a cache on first use, then execs it with the given args. ... L9: const https = require('https') L10: const { spawnSync } = require('child_process') L11:
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/aarvion-guard.jsView on unpkg · L3

Findings

4 High2 Medium2 Low
HighChild Processbin/aarvion-guard.js
HighSame File Env Network Executionbin/aarvion-guard.js
HighCommand Output Exfiltrationbin/aarvion-guard.js
HighRuntime Package Installbin/aarvion-guard.js
MediumNetwork
MediumEnvironment Vars
LowFilesystem
LowUrl Strings