registry  /  @aicraftalchemy/aca  /  0.0.35

@aicraftalchemy/aca@0.0.35

ACA — agentic coding CLI. Any model, any provider (Claude, Gemini, OpenAI, NVIDIA, Groq, Cerebras, OpenRouter, Hugging Face). Developed by Aicraftalchemy.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation downloads and executes opaque native binaries from a remote release host. Runtime also accepts staged binary replacements prepared by the downloaded executable. No source-confirmed credential theft or foreign AI-agent control-surface mutation was found.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` postinstall, then `aca` CLI invocation
Impact
A compromised or malicious release host can supply arbitrary native code despite the same-origin manifest hash check.
Mechanism
remote binary bootstrap, execution, and staged self-update
Rationale
The shipped source is a remote opaque-payload carrier with install-time execution and runtime self-update behavior. It does not itself show a concrete malicious chain, so this warrants a warning rather than a publish block.
Evidence
package.jsoninstall.cjscli-wrapper.cjsREADME.mdbin/acabin/aca.exebin/rgbin/rg.exebin/aca.vsixbin/.aca-bin-versionbin/.aca-pending-version
Network endpoints1
github.com/lokeshe09/aca-releases/releases/download/v0.0.35

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Unknown with low false-positive risk.
Evidence for warning
  • `package.json` runs `node install.cjs` as `postinstall`.
  • `install.cjs` downloads executable ACA and ripgrep payloads at install time.
  • The SHA-256 manifest and payload are both fetched from the same remotely controlled release base.
  • `cli-wrapper.cjs` executes the downloaded binary and applies its staged `.pending` updates.
  • `install.cjs` also downloads `bin/aca.vsix`, an opaque IDE-extension payload.
Evidence against
  • Reviewed JavaScript has no credential harvesting, environment enumeration, or exfiltration.
  • Writes and renames are limited to the package-local `bin/` directory.
  • No source-level writes to AI-agent configuration, shell profiles, VCS hooks, or user files were found.
  • No `eval`, `vm`, dynamic JavaScript loading, or shell-string execution appears in shipped source.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 12.8 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License