AI Security Review
scanned 1h ago · by lpm-firewall-aiThe npm package is a thin installer/launcher for remote compiled payloads, so the reviewed JS does not contain the real application. This creates unresolved supply-chain risk but no confirmed malicious behavior in the package source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; aca command launches or self-heals the binary
Impact
Executes opaque downloaded ACA binary under user account; possible impact depends on remote release contents
Mechanism
remote binary bootstrap with staged runtime updater
Rationale
Static source inspection shows a package-aligned binary installer/launcher with opaque remote executable payloads and staged updates, which warrants warning rather than a clean verdict. There is no source evidence of credential theft, destructive behavior, or unconsented AI-agent control-surface takeover, so a publish block is not justified.
Evidence
package.jsoninstall.cjscli-wrapper.cjsREADME.mdbin/acabin/aca.exebin/rgbin/rg.exebin/aca.vsixbin/.aca-pending-versionbin/aca.pendingbin/aca.exe.pendingbin/rg.pendingbin/rg.exe.pending
Network endpoints2
github.com/lokeshe09/aca-releases/releases/download/v${VERSION}aca.aicraftalchemy.com
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.cjs
- install.cjs downloads manifest and platform executables from https://github.com/lokeshe09/aca-releases/releases/download/v${VERSION}
- install.cjs writes downloaded binaries to bin/aca(.exe), bin/rg(.exe), and aca.vsix
- cli-wrapper.cjs self-heals by running install.cjs when bin/aca is missing
- cli-wrapper.cjs applies staged .pending binary updates before launching
Evidence against
- Downloaded binaries are SHA-256 checked against the downloaded manifest
- No JS credential harvesting or exfiltration found in package files
- No install-time mutation of foreign AI-agent config or broad control surface found
- Network use is limited to release download path plus homepage metadata
- Runtime spawn is package-aligned: launches the ACA binary with user args
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License