registry  /  @morphy-agent/cli  /  0.6.5

@morphy-agent/cli@0.6.5

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

Morphy — universal autonomous AI agent with multi-agent swarm execution

AI Security Review

scanned 2h ago · by lpm-firewall-ai

On npm install, downloads a platform-specific opaque Morphy executable from the project’s GitHub release into the package-owned `bin/` directory. The `morphy` command subsequently executes that downloaded binary with the user’s CLI arguments. No confirmed credential access, AI-agent control-surface mutation, persistence, or exfiltration is present in the inspected JavaScript.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall downloads the executable; invoking `morphy` executes it.
Impact
A package-controlled GitHub release asset becomes executable code in the consumer environment, but the downloaded binary’s behavior cannot be verified from this tarball.
Mechanism
Postinstall binary downloader with runtime child-process proxy
Rationale
This is not concrete malware from the inspected source: the package implements a conventional compiled-CLI installer and contains no observed remote script execution, data theft, persistence, or foreign AI-agent configuration mutation. However, its npm postinstall obtains the only substantive program as an opaque executable from a recent unprovenanced GitHub release, with checksum metadata from the same authority, and the package then executes that artifact through its CLI proxy. That unresolved executable trust boundary warrants a warning rather than a clean verdict or a publish block.
Evidence
package.jsoninstall.jsbin/morphy.jsbin/morphybin/morphy.exe
Network endpoints1
github.com/deadraid/morphy-releases/releases/download/v0.6.5/

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` declares `postinstall: node install.js`, so registry installation runs package-controlled network and filesystem code.
  • `install.js` downloads a platform-specific executable from `https://github.com/deadraid/morphy-releases/releases/download/v0.6.5/` into `bin/morphy` or `bin/morphy.exe`; the shipped tarball contains no source or binary artifact to statically inspect.
  • `install.js` fetches `sha256sums.txt` from the same GitHub release authority used for the executable, so the checksum check detects transfer corruption but does not provide an independently trusted verification source.
  • `bin/morphy.js` invokes the downloaded opaque executable with user-supplied CLI arguments via `child_process.execFileSync`; `install.js` also invokes a pre-existing `bin/morphy` with `--version` during postinstall before deciding whether to replace it.
  • The package is a very recent seven-version CLI release with no provenance/attestations in the supplied metadata, and its only version-diff change from `0.6.4` is `package.json`; this does not establish malware but leaves the downloaded executable’s behavior unreviewable.
Evidence against
  • No inspected JavaScript fetches JavaScript, shell text, or commands for evaluation; downloads are limited to platform executable assets and a SHA-256 checksum file on `github.com`.
  • No inspected source reads credentials, enumerates environment variables, exfiltrates data, creates persistence, mutates AI-agent configuration surfaces, or launches detached processes.
  • The lifecycle/downloader/proxy structure is package-aligned for a cross-platform compiled CLI: it selects a supported OS/architecture, writes only under the package’s own `bin/` directory, verifies a SHA-256 value, and the CLI wrapper forwards arguments to that binary.
  • Static inspection was limited to the five distributed text files; the actual executable is retrieved only at install time and was not present for read-only review.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 5.32 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License