registry  /  @getappz/agentflare-linux-x64  /  1.3.0

@getappz/agentflare-linux-x64@1.3.0

Optimize AI CLI agents for cost and performance

AI Security Review

scanned 1h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit execution of `agentflare init --agent ...` or its MCP messaging tools.
Impact
Can alter configured agent hook files and transmit user-selected messages to configured chat platforms.
Mechanism
Explicit agent-config mutation and bot-token-backed outbound chat messaging.
Rationale
Source inspection contradicts the scanner's malicious conclusion because there are no lifecycle hooks and the configuration behavior is explicitly user-invoked. The native binary still presents a documented AI-agent configuration and outbound messaging capability that warrants a warning rather than a block.
Evidence
package.jsonREADME.mdbin/agentflare
Network endpoints2
api.telegram.org/botdiscord.com/api/v10/channels/

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `README.md` documents `agentflare init --agent` writing Claude and Cursor hook/config files.
  • `bin/agentflare` contains MCP `channel_send` support with stored bot-token messaging.
  • `bin/agentflare` contains Telegram and Discord API endpoint strings.
  • Package distributes a stripped native executable, limiting source-level verification.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • `package.json` exposes the binary only through the user-invoked `agentflare` CLI.
  • `README.md` describes configuration writes as explicit `init --agent` actions.
  • No package file showed credential harvesting, stealth persistence, or unconsented install-time execution.
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

2 flagged · loading source
bin/agentflareView file
path = bin/agentflare kind = binary_string_ioc sizeBytes = 17919160 magicHex = [redacted] matchedPrintableString = nor --base-version (base_version). - list artifact_list, honoring --session. - get <id> artifact_get, honoring --version. - delete <id> artifact_delete. after the call, report the resulting url (or listing/content) to the user. exit https://api.telegram.org/bot /sendmessage slack rejected the message: auto-opened on `item done` for the last days ( agentflare- http error: rm /home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cipher-0.4.4/src/strea
Critical
Binary String Ioc

Native or WebAssembly artifact printable strings contain known collector or webhook infrastructure.

bin/agentflareView on unpkg
path = bin/agentflare kind = native_binary sizeBytes = 17919160 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/agentflareView on unpkg

Findings

1 Critical2 Medium
CriticalBinary String Iocbin/agentflare
MediumShips Native Binarybin/agentflare
MediumStructural Risk Force Deep Review