registry  /  @paulnsorensen/tilth-nightly  /  0.0.0-experimental.12.1

@paulnsorensen/tilth-nightly@0.0.0-experimental.12.1

EXPERIMENTAL rolling build of paulnsorensen/tilth off main — unofficial fork, NOT the official `tilth` package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time remote binary bootstrap from a package-aligned GitHub nightly release. No confirmed malicious behavior in the JavaScript source, but the moving remote native binary is not inspectable from this package tarball.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; later user invocation of tilth bin
Impact
Unresolved supply-chain risk from install-time native binary fetch; no source evidence of credential theft, persistence, destructive behavior, or agent hijack.
Mechanism
download, checksum-verify, extract, chmod, and spawn native CLI
Rationale
Static inspection finds no concrete malicious chain, credential harvesting, persistence, broad AI-agent control mutation, or non-package-aligned exfiltration. The install-time download and later execution of a remote native nightly binary is a real unresolved supply-chain risk, so warning is appropriate rather than blocking.
Evidence
package.jsoninstall.jsrun.jsbin/bin/tilthbin/tilth.exebin/tilth.zip
Network endpoints2
github.com/paulnsorensen/tilth/releases/download/nightly/tilth-${target}.${ext}github.com/paulnsorensen/tilth/releases/download/nightly/tilth-${target}.${ext}.sha256

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node install.js
  • install.js downloads platform archive from GitHub nightly release at install time
  • install.js extracts archive into ./bin and chmods ./bin/tilth executable
  • run.js bin wrapper spawns ./bin/tilth with user arguments
Evidence against
  • No process.env, token, credential, npmrc, ssh, or home-directory harvesting found
  • No exfiltration endpoints beyond package-aligned github.com release URLs
  • Checksum is verified before extraction, though sidecar is fetched from same release
  • No AI-agent config/control-surface writes found
  • Filesystem writes are limited to package ./bin and temporary ./bin/tilth.zip
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 5.96 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings