AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established by static inspection. The package ships a native CLI binary and an install hook intended to adjust permissions, but observed network strings are local-only.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall or user running bin/sciagent
Impact
Runs a local SciAgent CLI/server when invoked; no confirmed credential theft, persistence, or external exfiltration.
Mechanism
native CLI binary with local FastAPI/uvicorn-style server bundle
Rationale
The suspicious primitives are package-aligned for a platform-specific CLI binary, and inspection found no concrete external endpoint, install-time AI-agent control-surface mutation, credential harvesting, or destructive behavior. The lifecycle hook is notable but appears to be a chmod helper outside this binary subpackage rather than an attack chain.
Evidence
package.jsonbin/sciagent../../scripts/chmod.js
Network endpoints2
localhost127.0.0.1
Decision evidence
public snapshotAI called this Clean at 78.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json defines postinstall: node ../../scripts/chmod.js
- bin/sciagent is a 140792072-byte stripped Linux x64 ELF/PyInstaller-style binary
- bin/sciagent strings include subprocess/execvp and SSH-related bundled modules
Evidence against
- Package contains only package.json and bin/sciagent; no JS import-time code present
- Postinstall target ../../scripts/chmod.js is not included in this package and appears chmod-oriented, not an agent-control write
- Embedded URL search found only http://localhost and 127.0.0.1 runtime server/browser strings
- No strings indicating npmrc, id_rsa, broad AI-agent config writes, destructive commands, or external exfiltration endpoint
- CLI strings describe SciAgent local proxy/server startup and browser opening
Behavioral surface
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ../../scripts/chmod.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ../../scripts/chmod.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgbin/sciagentView file
•path = bin/sciagent
kind = native_binary
sizeBytes = 140792072
magicHex = [redacted]
Medium
Findings
1 High2 Medium1 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumShips Native Binarybin/sciagent
LowScripts Present