AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious source behavior was found. The package does install a remote prebuilt executable during postinstall, leaving residual staged-payload risk because the binary is outside the inspected npm source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, or civitai CLI invocation when binary is missing
Impact
Installs and later runs a package-aligned native CLI binary; no source-level exfiltration or persistence confirmed.
Mechanism
download verified release binary and execute it as CLI wrapper
Attack narrative
At install time, lib/install.js resolves the package version and platform, downloads the matching civitai/cli GitHub release binary plus checksums.txt, verifies sha256, and writes an executable under lib/binaries. The bin wrapper later executes that binary with user arguments. This is package-aligned but the fetched executable is not present for static source inspection.
Rationale
The inspected JavaScript wrapper contains no concrete malware behavior, but it lifecycle-fetches a native executable from a release endpoint and executes it later, so a warn-level staged-payload classification is appropriate rather than clean or publish-block.
Evidence
package.jsonlib/install.jsbin/civitai.jsREADME.mdlib/binaries/civitailib/binaries/civitai.exelib/binaries/civitai.downloadlib/binaries/civitai.exe.download
Network endpoints1
github.com/civitai/cli/releases/download/v${version}/${file}
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node lib/install.js
- lib/install.js downloads a platform Go binary and checksums.txt from GitHub releases
- bin/civitai.js spawnSync executes the downloaded binary or CIVITAI_CLI_BINARY override
Evidence against
- Downloaded asset name is version/platform-specific for civitai/cli releases
- Checksum verification is implemented before writing executable
- Writes are limited to lib/binaries/civitai(.exe) inside the package
- No credential harvesting, home/project persistence, AI-agent control-surface writes, or destructive code found
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node lib/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node lib/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings