AI Security Review
scanned 1h ago · by lpm-firewall-aiThe package is a documented npm wrapper for a Civitai CLI binary. The only notable surface is install-time/lazy download of a versioned GitHub release asset, checksum verification, and runtime spawning of that binary.
Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or invoking the civitai bin when the binary is missing
Impact
Installs and runs a package-owned CLI binary; no confirmed malicious behavior in inspected JS source.
Mechanism
download verified package-aligned native CLI and spawn it
Rationale
Static inspection shows a transparent, package-aligned CLI wrapper that downloads and checksum-verifies its own GitHub release binary, then spawns it on user invocation. The lifecycle/network/child_process findings are explained by the package purpose, with no source evidence of exfiltration, stealth persistence, destructive behavior, or AI-agent control hijack.
Evidence
package.jsonlib/install.jsbin/civitai.jsREADME.mdlib/binaries/civitailib/binaries/civitai.exelib/binaries/civitai.downloadlib/binaries/civitai.exe.download
Network endpoints2
github.com/civitai/cli/releases/download/v{version}/{file}github.com/civitai/cli/releases/download/v{version}/checksums.txt
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node lib/install.js
- lib/install.js downloads a platform executable during install/first run and writes lib/binaries/civitai(.exe)
- bin/civitai.js spawns the downloaded binary and allows CIVITAI_CLI_BINARY override
Evidence against
- Download URL is package-aligned: github.com/civitai/cli releases for the same package version
- lib/install.js verifies sha256 against checksums.txt before installing the binary
- No credential/env harvesting beyond CIVITAI_CLI_BINARY override
- No suspicious eval/vm/dynamic code execution in JS wrapper
- No AI-agent control-surface writes, persistence, destructive actions, or broad filesystem access found
- README transparently documents postinstall binary download and checksum verification
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node lib/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node lib/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings