AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface in inspected source. The package is a platform binary wrapper with an install-time fallback downloader for its own versioned @dagucloud binary package.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install when optional platform package is missing, or explicit dagu CLI invocation
Impact
Installs or runs the Dagu binary; no source evidence of exfiltration, persistence, destructive behavior, or control-surface hijack.
Mechanism
version-pinned platform binary download and CLI exec wrapper
Rationale
The suspicious lifecycle and child_process signals are package-aligned: install.js only retrieves a version-matched platform binary from npm as a fallback, and the entrypoints invoke that binary for user-requested CLI use. Static inspection found no concrete malicious chain or unauthorized control-surface mutation.
Evidence
package.jsoninstall.jsindex.jsbin/clilib/platform.jsdagudagu.exe
Network endpoints3
registry.npmjs.org/@dagucloud/${platformSpecificPackageName}/-/${platformSpecificPackageName}-${PACKAGE_VERSION}.tgzgithub.com/dagucloud/dagugithub.com/dagucloud/dagu/issues
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall: node ./install.js
- install.js downloads a platform tarball from registry.npmjs.org if optionalDependency binary package is absent
- install.js writes extracted package/bin/dagu or dagu.exe to package directory with executable mode
- bin/cli and index.js execute the resolved dagu binary with user-provided CLI args
Evidence against
- Download URL is deterministic, version-pinned, and under @dagucloud platform packages listed as optionalDependencies
- No credential, env, home-directory, npmrc, SSH, or token harvesting found
- No eval/vm/Function, obfuscated strings, persistence, destructive commands, or AI-agent control-surface writes found
- Runtime child_process usage is the expected CLI wrapper for this binary distribution package
- Network access is limited to fallback binary retrieval from npm registry during install
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
CopyleftLicense
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowCopyleft License