registry  /  @sciagent/cli  /  1.0.31

@sciagent/cli@1.0.31

SciAgent CLI - AI Research Assistant

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The concrete risk is install-time execution that may install a first-party platform native binary package globally if the optional dependency is missing. No source evidence shows exfiltration, destructive behavior, foreign agent config mutation, or stealth persistence.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install of @sciagent/cli or user running sciagent
Impact
Installs and executes package-aligned platform binary components; binary contents are not present in this source package for inspection.
Mechanism
postinstall npm install fallback and CLI native-binary wrapper
Rationale
Source inspection confirms risky install-time package installation and native binary delegation, but the behavior is package-aligned and lacks concrete malicious actions such as credential theft, exfiltration, destructive operations, or agent control hijacking. Because the native platform payloads are separate packages and the install fallback is unconsented/global, warn rather than mark clean or block.
Evidence
package.jsonscripts/postinstall.jsscripts/chmod.jsbin/sciagent.jsbin/sciagent
Network endpoints2
gitee.com/garva/research-agentgitee.com/garva/research-agent.git

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs execSync npm install for @sciagent/cli-${platform}-${arch}@1.0.31 during install
  • postinstall treats npm_lifecycle_event === postinstall as global context, so fallback install uses npm install -g
  • bin/sciagent.js chmods and spawns a platform-specific native binary with user CLI args
Evidence against
  • No credential, env, home directory, SSH, token, or secret harvesting found by source search
  • No HTTP client or exfiltration endpoint in package source; only repository/docs URLs are present
  • Platform package names are first-party @sciagent scoped optionalDependencies matching package version
  • Runtime child_process use is the declared CLI wrapper launching the selected SciAgent binary
  • No AI-agent control-surface writes, persistence setup, destructive file operations, eval, vm, or dynamic remote code loading in inspected JS
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystem
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 10.4 KB of source, external domains: gitee.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
scripts/postinstall.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @sciagent/cli@1.0.3 matchedIdentity = npm:QHNjaWFnZW50L2NsaQ:1.0.3 similarity = 0.667 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/postinstall.jsView on unpkg

Findings

2 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltascripts/postinstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings