registry  /  @aicraftalchemy/aca  /  0.0.7

@aicraftalchemy/aca@0.0.7

ACA — agentic coding CLI. Any model, any provider (Claude, Gemini, OpenAI, NVIDIA, Groq, Cerebras, OpenRouter, Hugging Face). Developed by Aicraftalchemy.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The package is an npm bootstrapper for an opaque native/bundled CLI downloaded at install time. Source inspection confirms remote binary download and later execution, but no direct malicious exfiltration, persistence, or destructive behavior in the published JS.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later invokes aca
Impact
Unreviewed remote binary code executes as the user when aca is invoked; install-time download integrity is anchored to a manifest from the same host.
Mechanism
install-time remote binary downloader and runtime launcher
Rationale
Static inspection shows a package-aligned binary bootstrapper with install-time remote downloads and runtime execution, but no concrete malicious behavior in the published JavaScript. Because the real application code is not included and update/download behavior is broad, warn rather than block.
Evidence
package.jsoninstall.cjscli-wrapper.cjsREADME.mdbin/acabin/aca.exebin/rgbin/rg.exebin/aca.vsixbin/.aca-pending-versionbin/aca.pendingbin/aca.exe.pendingbin/rg.pendingbin/rg.exe.pending
Network endpoints2
github.com/lokeshe09/aca-releases/releases/download/v0.0.7aca.aicraftalchemy.com

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.cjs
  • install.cjs downloads platform binary, rg, and aca.vsix from GitHub release URL during install
  • install.cjs trusts manifest.json from same remote origin for file names and SHA-256 hashes
  • cli-wrapper.cjs executes downloaded bin/aca or bin/aca.exe with forwarded args and stdio
  • cli-wrapper.cjs applies staged pending binary updates from bin/*.pending before launch
Evidence against
  • No credential harvesting or exfiltration code found in published JS
  • Network access is limited to package release download host unless ACA_RELEASE_BASE_URL is explicitly set
  • Downloaded files are written under package bin/ only
  • No broad AI-agent config mutation or foreign control-surface writes in package source
  • README describes an agentic coding CLI matching the binary-launcher behavior
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 8.38 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License