registry  /  @posthog/cli  /  0.8.2

@posthog/cli@0.8.2

The command line interface for PostHog 🦔

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; separately, `posthog-cli api agents-md install`
Impact
Installs and later executes a remote release binary; explicit agent instruction-file mutation can influence local coding agents.
Mechanism
fixed-release binary bootstrap and explicit AGENTS.md snippet installation
Rationale
No concrete malicious behavior, credential exfiltration, stealth persistence, or unconsented broad agent-control mutation was found. Flag as warning because the bundled CLI provides explicit project agent-instruction mutation and postinstall fetches an executable artifact without source-contained integrity verification.
Evidence
package.jsoninstall.jsbinary.jsbinary-install.jsrun-posthog-cli.jslib/posthog-api-cli.mjsnode_modules/.bin_realAGENTS.md
Network endpoints1
github.com/PostHog/posthog/releases/download/posthog-cli/v0.8.2

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall`.
  • `install.js` downloads and installs a platform binary.
  • `lib/posthog-api-cli.mjs` exposes explicit `agents-md install`.
  • The agent command calls `installAgentsMdSnippet` for an `AGENTS.md` path.
Evidence against
  • Postinstall is limited to a fixed PostHog GitHub release URL.
  • Installer writes only its own `node_modules/.bin_real` binary directory.
  • No credential harvesting or unrelated-file access appears in installer sources.
  • Agent-file mutation is user-invoked, not lifecycle-triggered.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 4 file(s), 269 KB of source, external domains: example.com, prosemirror.net
Oversized source lightweight scan
lib/posthog-api-cli.mjs5.14 MB file, sampled 256 KB
NetworkChildProcessHighEntropyStringsUrlStringsprosemirror.net

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
lib/posthog-api-cli.mjsView file
path = lib/posthog-api-cli.mjs kind = oversized_source_file sizeBytes = 5384749 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

lib/posthog-api-cli.mjsView on unpkg
path = lib/posthog-api-cli.mjs kind = oversized_cli_entrypoint sizeBytes = 5384749 magicHex = [redacted]
Medium
Oversized Cli Entrypoint

Package contains an oversized executable-looking CLI entrypoint.

lib/posthog-api-cli.mjsView on unpkg

Findings

2 High5 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filelib/posthog-api-cli.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointlib/posthog-api-cli.mjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings