registry  /  @getappz/agentflare-linux-x64  /  1.3.1

@getappz/agentflare-linux-x64@1.3.1

Optimize AI CLI agents for cost and performance

AI Security Review

scanned 7m ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `agentflare init --agent ...` or configures and invokes notification features.
Impact
Can alter agent behavior and send chosen messages through user-configured third-party bot accounts.
Mechanism
Explicit AI-agent hook setup and configured outbound bot messaging.
Rationale
The scanner's native-binary and webhook indicators correspond to documented CLI capabilities rather than confirmed malware. Because the CLI can explicitly alter AI-agent control surfaces and invoke a remote installer, retain a warning verdict rather than marking it clean.
Evidence
package.jsonREADME.mdbin/agentflare
Network endpoints4
api.telegram.org/botdiscord.com/api/v10/channels/slack.com/api/chat.postMessageraw.githubusercontent.com/yvgude/lean-ctx/main/install.sh

Decision evidence

public snapshot
AI called this Suspicious at 83.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `bin/agentflare` is a stripped native ELF and imports process, filesystem, and socket APIs.
  • Binary strings show `agentflare init --agent` wiring `~/.claude/settings.json`, `.cursor/hooks.json`, and Codex hook/config files.
  • Binary contains Telegram, Discord, and Slack message endpoints plus configured bot-token names.
  • `README.md` documents that `init` writes host-agent hooks/configuration and can install lean-ctx via a remote installer.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle script.
  • The documented and embedded config writes are triggered by explicit `agentflare init --agent ...` commands, not installation.
  • Embedded messages say existing hook files are skipped/not overwritten and include cleanup paths.
  • No credential-collection routine, unknown collector host, stealth persistence, or automatic exfiltration was confirmed from package files.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

2 flagged · loading source
bin/agentflareView file
path = bin/agentflare kind = binary_string_ioc sizeBytes = 17919992 magicHex = [redacted] matchedPrintableString = n). - list artifact_list, honoring --session. - get <id> artifact_get, honoring --version. - delete <id> artifact_delete. after the call, report the resulting url (or listing/content) to the user. exit the last days ( http error: https://api.telegram.org/bot /sendmessage slack rejected the message: auto-opened on `item done` for rm /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cipher-0.4.4/src/stream_core.rs api call failed: ' failed: .ori
Critical
Binary String Ioc

Native or WebAssembly artifact printable strings contain known collector or webhook infrastructure.

bin/agentflareView on unpkg
path = bin/agentflare kind = native_binary sizeBytes = 17919992 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/agentflareView on unpkg

Findings

1 Critical2 Medium
CriticalBinary String Iocbin/agentflare
MediumShips Native Binarybin/agentflare
MediumStructural Risk Force Deep Review