registry  /  @orchestree/cli  /  3.5.0

@orchestree/cli@3.5.0

CrowCode CLI (crow) — the Orchestree platform in your terminal: sign in, inspect your identity, manage model gateways, and launch the suite's agents. Installs the `crow` command (`orchestree` remains as an alias).

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No automatic install- or import-time attack surface was confirmed. An explicit `crow update` command downloads and pipes the vendor installer into `sh`, which is a transparent but risky self-update mechanism.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `crow update` without `--check`.
Impact
A compromised installer endpoint could execute arbitrary shell code with the invoking user's privileges.
Mechanism
Explicit remote installer download-and-shell execution.
Rationale
Source inspection confirms an explicit self-updater that executes a remote shell installer, but no concrete malicious behavior or unconsented install-time mutation. The scanner's critical finding is therefore a risky package-aligned update feature rather than proof of malware.
Evidence
package.jsonbin/crow.jsbin/orchestree.jsdist/index.jsdist/gateways.jsdist/maintenance.jsREADME.mdCHANGELOG.md
Network endpoints2
media.orchestree.ai/cli/latestorchestree.ai/crow

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/maintenance.js` runs `curl -fsSL https://orchestree.ai/crow | sh` via `sh -c`.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks.
  • Remote installer execution is reachable only through explicit `crow update`, with `--check` avoiding it.
  • `bin/crow.js` only imports the packaged CLI entrypoint; no install-time execution.
  • `dist/index.js` launches the declared `@orchestree/crowcode-cli` dependency using Node and inherited stdio.
  • `dist/maintenance.js` only fetches its CDN version pointer and API health endpoint outside explicit update.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
Manifest
NoLicense
scanned 5 file(s), 19.2 KB of source, external domains: media.orchestree.ai, orchestree.ai

Source & flagged code

3 flagged · loading source
dist/maintenance.jsView file
2// Everything reports what it actually observed — no simulated checks. L3: import { spawn } from 'node:child_process'; L4: import { accessSync, constants, realpathSync } from 'node:fs'; ... L8: import { DEFAULT_API_BASE, crowPaint } from '@orchestree/cli-core'; L9: export const CDN_LATEST_URL = 'https://media.orchestree.ai/cli/latest'; L10: export const INSTALLER_URL = 'https://orchestree.ai/crow'; ... L14: throw new Error(`${url} → HTTP ${res.status}`); L15: return (await res.text()).trim(); L16: } ... L38: export function pathShadows(binName = 'crow') { L39: const dirs = (process.env.PATH ?? '').split(path.delimiter).filter(Boolean); L40: const found = [];
Critical
Download Execute

Source downloads or fetches remote code and executes it.

dist/maintenance.jsView on unpkg · L2
2// Everything reports what it actually observed — no simulated checks. L3: import { spawn } from 'node:child_process'; L4: import { accessSync, constants, realpathSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/maintenance.jsView on unpkg · L2
bin/crow.jsView file
12if (existsSync(distEntry)) { L13: await import(distEntry); L14: } else if (existsSync(srcEntry)) {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/crow.jsView on unpkg · L12

Findings

1 Critical2 High3 Medium4 Low
CriticalDownload Executedist/maintenance.js
HighChild Processdist/maintenance.js
HighShell
MediumDynamic Requirebin/crow.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings
LowNo License