registry  /  @apexfdn/apex  /  1.0.2

@apexfdn/apex@1.0.2

Coding agent CLI with read, bash, edit, write tools and session management

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The package has an install-time remote native binary fetch and a CLI wrapper that executes that binary later. No concrete malicious behavior is visible in inspected JavaScript, but the payload is opaque and outside the package source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invokes apex CLI
Impact
Unverified native code is installed and later executed with user arguments and environment
Mechanism
install-time GitHub release binary downloader plus CLI exec wrapper
Rationale
Source inspection does not show confirmed malware, exfiltration, destructive behavior, or AI-agent control-surface mutation. The install-time opaque binary download plus inconsistent provenance is a real unresolved supply-chain risk, so warn rather than block.
Evidence
package.jsoninstall.jsapex.jsREADME.mdbin/apexbin/apex.exe
Network endpoints1
github.com/Apex-Foundation/copilot/releases/download/v${VERSION}/${assetName}

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform native executable from GitHub releases during install
  • install.js writes bin/apex or bin/apex.exe and chmods non-Windows binary executable
  • Downloaded binary is not present for source inspection in the package
  • package.json/README metadata references can1357/oh-my-pi and @oh-my-pi/pi-coding-agent, while installer fetches Apex-Foundation/copilot
Evidence against
  • apex.js only delegates user CLI arguments to local bin/apex with inherited stdio/env
  • No source-level credential harvesting, broad filesystem traversal, persistence, destructive action, or AI-agent config mutation found
  • Network use in package source is limited to GitHub release download in install.js
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 2.38 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings