registry  /  @paiart/clipal  /  0.22.1

@paiart/clipal@0.22.1

Clipal CLI installer for the local LLM API gateway

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time code fetches a native executable and stores it in the package directory. The checksum provides no independent trust boundary because it comes from the same configurable remote source.

Static reason
One or more suspicious static signals were detected.; source closely matched a different package identity
Trigger
npm postinstall; downloaded binary later runs when the user invokes `clipal`.
Impact
A compromised or redirected artifact source can supply a replacement executable for later user execution.
Mechanism
Remote binary bootstrap with same-origin checksum verification.
Rationale
The source shows a real staged native-payload supply-chain risk, but no concrete exfiltration, destructive behavior, or foreign AI-agent control-surface mutation. Treat it as a warning rather than intentional malware.
Evidence
package.jsonscripts/postinstall.jsbin/clipal.jsREADME.mdvendor/clipalvendor/clipal.exe
Network endpoints1
github.com/PAIArtCom/Clipal/releases/download

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `scripts/postinstall.js` downloads a platform executable during `postinstall`.
  • The SHA-256 checksum is downloaded from the same remote release location as the binary.
  • `CLIPAL_NPM_BASE_URL` can redirect install-time artifact and checksum retrieval.
  • Redirects are followed before writing the downloaded executable to `vendor/clipal`.
Evidence against
  • No credential, environment-harvesting, or data-exfiltration logic is present.
  • No downloaded binary is executed by the lifecycle script.
  • Writes are limited to package `vendor/` and a temporary directory.
  • `bin/clipal.js` runs the binary only after an explicit CLI invocation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.93 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/clipal.jsView file
matchType = package_source_clone_identity_mismatch matchedPackage = clipal@0.21.3 matchedPath = bin/clipal.js matchedIdentity = npm:Y2xpcGFs:0.21.3 similarity = 1.000 shingleOverlap = 2 summary = source files closely matched a different published package identity
High
Package Source Clone Identity Mismatch

Package source closely matches a different published package identity; review for dependency-confusion or copied-code abuse.

bin/clipal.jsView on unpkg

Findings

2 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPackage Source Clone Identity Mismatchbin/clipal.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings