registry  /  @aicraftalchemy/aca  /  0.0.13

@aicraftalchemy/aca@0.0.13

ACA — agentic coding CLI. Any model, any provider (Claude, Gemini, OpenAI, NVIDIA, Groq, Cerebras, OpenRouter, Hugging Face). Developed by Aicraftalchemy.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

The npm package is a thin installer/launcher for remote compiled payloads, so the reviewed JS does not contain the real application. This creates unresolved supply-chain risk but no confirmed malicious behavior in the package source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; aca command launches or self-heals the binary
Impact
Executes opaque downloaded ACA binary under user account; possible impact depends on remote release contents
Mechanism
remote binary bootstrap with staged runtime updater
Rationale
Static source inspection shows a package-aligned binary installer/launcher with opaque remote executable payloads and staged updates, which warrants warning rather than a clean verdict. There is no source evidence of credential theft, destructive behavior, or unconsented AI-agent control-surface takeover, so a publish block is not justified.
Evidence
package.jsoninstall.cjscli-wrapper.cjsREADME.mdbin/acabin/aca.exebin/rgbin/rg.exebin/aca.vsixbin/.aca-pending-versionbin/aca.pendingbin/aca.exe.pendingbin/rg.pendingbin/rg.exe.pending
Network endpoints2
github.com/lokeshe09/aca-releases/releases/download/v${VERSION}aca.aicraftalchemy.com

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.cjs
  • install.cjs downloads manifest and platform executables from https://github.com/lokeshe09/aca-releases/releases/download/v${VERSION}
  • install.cjs writes downloaded binaries to bin/aca(.exe), bin/rg(.exe), and aca.vsix
  • cli-wrapper.cjs self-heals by running install.cjs when bin/aca is missing
  • cli-wrapper.cjs applies staged .pending binary updates before launching
Evidence against
  • Downloaded binaries are SHA-256 checked against the downloaded manifest
  • No JS credential harvesting or exfiltration found in package files
  • No install-time mutation of foreign AI-agent config or broad control surface found
  • Network use is limited to release download path plus homepage metadata
  • Runtime spawn is package-aligned: launches the ACA binary with user args
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 9.57 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License