registry  /  @seemseam/ccb  /  8.1.2

@seemseam/ccb@8.1.2

Lightweight multi-agent TUI and stable cross-provider collaboration layer for Codex, Claude, Gemini, Grok, Kimi, DeepSeek, and other CLI agents.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code downloads a platform archive, verifies it against a checksum fetched from the same configurable source, and extracts it under the package directory. Later CLI use executes the extracted binary. This is a remote payload carrier with no pinned artifact trust root.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` runs postinstall; invoking `ccb`, `ask`, `autonew`, or `ctx-transfer` runs the extracted binary.
Impact
An attacker controlling the release-base URL or its responses can supply a checksum-matching executable payload.
Mechanism
configurable remote binary download, extraction, and execution
Rationale
The package is not conclusively malicious, but its install path stages a remotely supplied binary without a pinned independent integrity value. This is a concrete supply-chain risk that warrants a warning rather than a publication block.
Evidence
package.jsonbin/ccb-npm-install.jsbin/ccb-npm-runner.jsbin/ccb.jsbin/ask.jsbin/autonew.jsbin/ctx-transfer.js.ccb-release
Network endpoints1
github.com/SeemSeam/claude_codex_bridge/releases/download/v${version}

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `postinstall`.
  • `bin/ccb-npm-install.js` accepts arbitrary `CCB_NPM_RELEASE_BASE_URL`.
  • Postinstall downloads archive and checksum from the same unpinned base URL.
  • `bin/ccb-npm-install.js` extracts the downloaded archive with `tar`.
  • CLI wrappers execute the extracted `ccb`/subcommand binary later.
Evidence against
  • No credential, environment, or project-file harvesting is present.
  • No AI-agent configuration or broad control-surface mutation is present.
  • Default download host is the package's GitHub release URL.
  • The archive checksum is checked before extraction.
  • Shipped JavaScript only implements download, extraction, and command forwarding.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 6 file(s), 5.88 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node bin/ccb-npm-install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
bin/ask.jsView file
3L4: require("./ccb-npm-runner").run("ask");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/ask.jsView on unpkg · L3

Findings

1 High4 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumDynamic Requirebin/ask.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License