registry  /  @paiart/clipal  /  0.20.0

@paiart/clipal@0.20.0

Clipal CLI installer for the local LLM API gateway

AI Security Review

scanned 4d ago · by lpm-firewall-ai

The package is an npm installer wrapper for a native Clipal CLI binary. The unresolved risk is install-time remote executable download, but inspected JavaScript does not show concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking clipal runs the downloaded vendor binary
Impact
Remote binary executes when the user runs the CLI; maliciousness is not confirmed from package source
Mechanism
install-time download and checksum verification of platform binary
Rationale
Source inspection found a package-aligned CLI installer that downloads and installs a GitHub release binary, with checksum verification but without npm-pinned binary contents. This warrants a warning for remote executable install behavior, not a publish block, because no credential theft, exfiltration, persistence, or destructive logic is present in the inspected source.
Evidence
package.jsonscripts/postinstall.jsbin/clipal.jsREADME.mdvendor/clipalvendor/clipal.exe
Network endpoints1
github.com/PAIArtCom/Clipal/releases/download

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node ./scripts/postinstall.js
  • scripts/postinstall.js downloads a platform binary during install
  • checksums.txt and binary are both fetched from the same release base URL, so no npm-pinned integrity exists
  • CLIPAL_NPM_BASE_URL can redirect postinstall downloads via environment
Evidence against
  • Network endpoint is package-aligned GitHub Releases for PAIArtCom/Clipal
  • scripts/postinstall.js verifies SHA256 from checksums.txt before copying binary
  • bin/clipal.js only spawns vendor/clipal with user CLI args
  • No source evidence of credential harvesting, persistence, destructive actions, or exfiltration
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.93 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings