registry  /  @sciagent/cli-linux-x64  /  1.0.31

@sciagent/cli-linux-x64@1.0.31

SciAgent CLI binary for Linux x64

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by package-local inspection. Risk remains from an install-time hook that invokes ../../scripts/chmod.js outside this package, plus a large opaque native/PyInstaller CLI with user-invoked terminal/SSH capabilities.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user runs bin/sciagent
Impact
Potential install-time execution is unresolved; runtime capabilities appear aligned with an AI research CLI local server.
Mechanism
install hook plus PyInstaller CLI binary
Rationale
The package is not clean because package.json executes an out-of-package postinstall script that cannot be validated within the package, but there is no package-local evidence of exfiltration, persistence, destructive actions, or foreign AI-agent control mutation. The shipped binary’s suspicious primitives are consistent with an interactive local AI research CLI rather than a confirmed malicious install chain.
Evidence
package.jsonbin/sciagent../../scripts/chmod.js
Network endpoints1
localhost

Decision evidence

public snapshot
AI called this Suspicious at 68.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node ../../scripts/chmod.js, executing a script outside this package tree during install
  • bin/sciagent is a 144MB stripped Linux ELF/PyInstaller binary
  • embedded strings show terminal/SSH/execution service modules such as apps/server/app/api/terminal.py and services/ssh_executor.py
Evidence against
  • package contains only package.json and bin/sciagent; no hidden JS payloads or extra install files found
  • postinstall name/path suggests chmod setup for shipped CLI binary, common for platform binary packages
  • embedded URL search only found localhost UI/proxy strings, no exfiltration endpoint
  • binary strings show a user-invoked SciAgent CLI local server with --port/--no-browser options
  • no evidence of credential harvesting, destructive behavior, persistence, or AI-agent config mutation in package files
Behavioral surface
SourceNo risky source behavior triggered.
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 0 file(s), 0 B of source

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node ../../scripts/chmod.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ../../scripts/chmod.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/sciagentView file
path = bin/sciagent kind = native_binary sizeBytes = 144703016 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

bin/sciagentView on unpkg

Findings

1 High2 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/sciagent
LowScripts Present