AI Security Review
scanned 2h ago · by lpm-firewall-aiNo automatic install- or import-time attack surface was confirmed. An explicit `crow update` command downloads and pipes the vendor installer into `sh`, which is a transparent but risky self-update mechanism.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `crow update` without `--check`.
Impact
A compromised installer endpoint could execute arbitrary shell code with the invoking user's privileges.
Mechanism
Explicit remote installer download-and-shell execution.
Rationale
Source inspection confirms an explicit self-updater that executes a remote shell installer, but no concrete malicious behavior or unconsented install-time mutation. The scanner's critical finding is therefore a risky package-aligned update feature rather than proof of malware.
Evidence
package.jsonbin/crow.jsbin/orchestree.jsdist/index.jsdist/gateways.jsdist/maintenance.jsREADME.mdCHANGELOG.md
Network endpoints2
media.orchestree.ai/cli/latestorchestree.ai/crow
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/maintenance.js` runs `curl -fsSL https://orchestree.ai/crow | sh` via `sh -c`.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- Remote installer execution is reachable only through explicit `crow update`, with `--check` avoiding it.
- `bin/crow.js` only imports the packaged CLI entrypoint; no install-time execution.
- `dist/index.js` launches the declared `@orchestree/crowcode-cli` dependency using Node and inherited stdio.
- `dist/maintenance.js` only fetches its CDN version pointer and API health endpoint outside explicit update.
Behavioral surface
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
UrlStrings
NoLicense
Source & flagged code
3 flagged · loading sourcedist/maintenance.jsView file
2// Everything reports what it actually observed — no simulated checks.
L3: import { spawn } from 'node:child_process';
L4: import { accessSync, constants, realpathSync } from 'node:fs';
...
L8: import { DEFAULT_API_BASE, crowPaint } from '@orchestree/cli-core';
L9: export const CDN_LATEST_URL = 'https://media.orchestree.ai/cli/latest';
L10: export const INSTALLER_URL = 'https://orchestree.ai/crow';
...
L14: throw new Error(`${url} → HTTP ${res.status}`);
L15: return (await res.text()).trim();
L16: }
...
L38: export function pathShadows(binName = 'crow') {
L39: const dirs = (process.env.PATH ?? '').split(path.delimiter).filter(Boolean);
L40: const found = [];
Critical
Download Execute
Source downloads or fetches remote code and executes it.
dist/maintenance.jsView on unpkg · L22// Everything reports what it actually observed — no simulated checks.
L3: import { spawn } from 'node:child_process';
L4: import { accessSync, constants, realpathSync } from 'node:fs';
High
Child Process
Package source references child process execution.
dist/maintenance.jsView on unpkg · L2bin/crow.jsView file
12if (existsSync(distEntry)) {
L13: await import(distEntry);
L14: } else if (existsSync(srcEntry)) {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/crow.jsView on unpkg · L12Findings
1 Critical2 High3 Medium4 Low
CriticalDownload Executedist/maintenance.js
HighChild Processdist/maintenance.js
HighShell
MediumDynamic Requirebin/crow.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License