registry  /  @civitai/cli  /  0.1.43

@civitai/cli@0.1.43

The Civitai CLI — author and ship Civitai App Blocks. Installs the prebuilt Go binary.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

The package is a documented npm wrapper for a Civitai CLI binary. The only notable surface is install-time/lazy download of a versioned GitHub release asset, checksum verification, and runtime spawning of that binary.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or invoking the civitai bin when the binary is missing
Impact
Installs and runs a package-owned CLI binary; no confirmed malicious behavior in inspected JS source.
Mechanism
download verified package-aligned native CLI and spawn it
Rationale
Static inspection shows a transparent, package-aligned CLI wrapper that downloads and checksum-verifies its own GitHub release binary, then spawns it on user invocation. The lifecycle/network/child_process findings are explained by the package purpose, with no source evidence of exfiltration, stealth persistence, destructive behavior, or AI-agent control hijack.
Evidence
package.jsonlib/install.jsbin/civitai.jsREADME.mdlib/binaries/civitailib/binaries/civitai.exelib/binaries/civitai.downloadlib/binaries/civitai.exe.download
Network endpoints2
github.com/civitai/cli/releases/download/v{version}/{file}github.com/civitai/cli/releases/download/v{version}/checksums.txt

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node lib/install.js
  • lib/install.js downloads a platform executable during install/first run and writes lib/binaries/civitai(.exe)
  • bin/civitai.js spawns the downloaded binary and allows CIVITAI_CLI_BINARY override
Evidence against
  • Download URL is package-aligned: github.com/civitai/cli releases for the same package version
  • lib/install.js verifies sha256 against checksums.txt before installing the binary
  • No credential/env harvesting beyond CIVITAI_CLI_BINARY override
  • No suspicious eval/vm/dynamic code execution in JS wrapper
  • No AI-agent control-surface writes, persistence, destructive actions, or broad filesystem access found
  • README transparently documents postinstall binary download and checksum verification
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 7.33 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node lib/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node lib/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings