registry  /  @aicraftalchemy/aca  /  0.0.16

@aicraftalchemy/aca@0.0.16

ACA — agentic coding CLI. Any model, any provider (Claude, Gemini, OpenAI, NVIDIA, Groq, Cerebras, OpenRouter, Hugging Face). Developed by Aicraftalchemy.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The postinstall hook downloads opaque native artifacts into the package-local `bin/` directory. The command wrapper later executes the downloaded ACA binary and can replace it with a staged update.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` runs the hook; invoking `aca` executes `bin/aca`
Impact
A release-host compromise or artifact substitution can deliver arbitrary native code when the CLI is run.
Mechanism
postinstall remote binary bootstrap with runtime execution
Rationale
This is an opaque remote-payload carrier with a postinstall fetch and update path, so source inspection cannot establish it as clean. The visible wrapper lacks a concrete malicious chain, so blocking is not justified.
Evidence
package.jsoninstall.cjscli-wrapper.cjsREADME.mdbin/acabin/aca.exebin/rgbin/rg.exebin/aca.vsixbin/.aca-pending-version
Network endpoints1
github.com/lokeshe09/aca-releases/releases/download/v0.0.16

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` invokes `node install.cjs` on `postinstall`.
  • `install.cjs` downloads platform binaries from a mutable GitHub release URL.
  • Checksum metadata and executable are fetched from the same unpinned release source.
  • `cli-wrapper.cjs` executes the downloaded `bin/aca` and accepts staged pending replacements.
  • The installer also downloads `bin/rg` and `bin/aca.vsix`.
Evidence against
  • Visible JS reads no credentials or user files.
  • Install-time writes are limited to package-local `bin/` paths.
  • `install.cjs` does not execute the fetched ACA binary during installation.
  • No visible source mutation of VS Code, Cursor, Windsurf, or other agent configuration occurs.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 9.57 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License