registry  /  @morphy-agent/cli  /  0.6.6

@morphy-agent/cli@0.6.6

Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.

Morphy — universal autonomous AI agent with multi-agent swarm execution

AI Security Review

scanned 8d ago · by lpm-firewall-ai

The package is a native-binary installer and CLI shim for an autonomous AI agent. The unresolved risk is the install-time fetched executable, whose contents are not present in the package source inspected here.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; morphy CLI runs the installed binary
Impact
Installer places and later executes an opaque native agent binary; no confirmed malicious behavior in inspected JS package code.
Mechanism
postinstall remote binary download and CLI exec shim
Attack narrative
On installation, install.js selects a platform-specific binary name, downloads it from deadraid/morphy-releases GitHub release v0.6.6, verifies it against sha256sums.txt from the same release, chmods it, and stores it as bin/morphy or bin/morphy.exe. The published JS CLI then delegates execution to that binary. Source inspection did not find credential theft, persistence, foreign agent config mutation, or install-time agent control hijack.
Rationale
The inspected package source does not establish malware, but it does install and execute an opaque remote native binary for an agent with powerful user-invoked capabilities. This warrants a warning as a staged payload/native binary carrier rather than a publish block.
Evidence
package.jsoninstall.jsbin/morphy.jsREADME.mdbin/morphybin/morphy.exe
Network endpoints2
github.com/deadraid/morphy-releases/releases/download/v0.6.6/<platform-binary>github.com/deadraid/morphy-releases/releases/download/v0.6.6/sha256sums.txt

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform executable from GitHub releases during install
  • install.js verifies sha256sums.txt from the same release source, not an independent trust root
  • bin/morphy.js executes the downloaded bin/morphy or bin/morphy.exe with user arguments
  • README advertises autonomous agent features including shell, file editing, MCP, server, and yolo modes
Evidence against
  • No code writes Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces
  • Install writes only inside the package bin directory
  • Network endpoints are package-aligned GitHub release URLs
  • No credential/env harvesting or exfiltration logic in JS sources
  • Dangerous agent capabilities appear runtime user-invoked, not install-time activated
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
Manifest
NoLicense
scanned 2 file(s), 5.32 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License