registry  /  @tetsuo-ai/agenc  /  0.4.2

@tetsuo-ai/agenc@0.4.2

Public AgenC CLI launcher package

AI Security Review

scanned 2m ago · by lpm-firewall-ai

Install-time code fetches and extracts a large external runtime payload. The downloaded payload is checksum-verified but is not included in the reviewed npm source and is executed on later CLI use.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install @tetsuo-ai/agenc` fetches the runtime; invoking `agenc` spawns it.
Impact
A remote release artifact outside this package's reviewed source becomes executable code in the user's account.
Mechanism
postinstall remote runtime download, SHA-256 verification, extraction, and later execution
Rationale
No concrete malicious behavior is present in the inspected JavaScript source. However, install-time retrieval and later execution of a substantial opaque remote payload leaves a real staged-payload risk that static source inspection here cannot clear.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjssrc/launcher.mjsgenerated/agenc-runtime-manifest.json~/.agenc/runtime/0.4.2
Network endpoints5
github.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.2/agenc-runtime-0.4.2-darwin-arm64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.2/agenc-runtime-0.4.2-darwin-x64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.2/agenc-runtime-0.4.2-linux-arm64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.2/agenc-runtime-0.4.2-linux-x64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.2/agenc-runtime-0.4.2-win-x64.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `scripts/postinstall.mjs` on install.
  • `lib/runtime-manager.mjs` downloads a platform tarball, verifies a bundled SHA-256, then extracts it under `~/.agenc/runtime/0.4.2`.
  • The downloaded runtime is later spawned by `src/launcher.mjs` when the `agenc` CLI runs.
Evidence against
  • All configured remote artifacts are pinned to explicit GitHub Release URLs and SHA-256 values in the bundled manifest.
  • Postinstall is non-fatal and can be skipped with `AGENC_SKIP_POSTINSTALL=1` or `CI=true`.
  • Inspected launcher source contains no credential harvesting, data upload, AI-agent config mutation, eval, or shell command construction.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 23.1 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings