AI Security Review
scanned 7h ago · by lpm-firewall-aiInstall-time code downloads an opaque platform-native executable, verifies it using a checksum fetched from the same release, and stores it locally. The executable runs when the user invokes `civitai`; its contents are not present for source inspection.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` triggers `postinstall`; a user then invokes `civitai`.
Impact
A compromised or substituted release asset could execute native code under the installing user's account when the CLI is used.
Mechanism
remote native-binary download, local executable write, and CLI launch
Rationale
No concrete malicious chain is visible in the JavaScript wrapper, but it installs and later executes an opaque remote native payload. The checksum mechanism reduces accidental corruption risk but does not independently authenticate a compromised release channel.
Evidence
package.jsonlib/install.jsbin/civitai.jsREADME.mdlib/binaries/civitailib/binaries/civitai.exe
Network endpoints2
github.com/civitai/cli/releases/download/v<version>/<asset>github.com/civitai/cli/releases/download/v<version>/checksums.txt
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- `package.json` runs `node lib/install.js` in `postinstall`.
- `lib/install.js` downloads a platform-native binary at install time.
- `lib/install.js` writes executable payloads under `lib/binaries/`.
- `bin/civitai.js` launches the downloaded binary with inherited stdio.
Evidence against
- Release URLs are fixed to `github.com/civitai/cli`.
- Downloaded asset is checked against SHA-256 from `checksums.txt`.
- Redirects are limited and non-HTTPS redirects are rejected.
- No source evidence of credential harvesting, exfiltration, shell injection, or agent-control writes.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node lib/install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node lib/install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings