registry  /  @tetsuo-ai/agenc  /  0.4.0

@tetsuo-ai/agenc@0.4.0

Public AgenC CLI launcher package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code fetches a large opaque platform runtime, verifies it, and extracts it under the user home directory. The launcher executes that downloaded runtime only when the user invokes `agenc`.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` triggers prefetch; an `agenc` command triggers runtime execution.
Impact
The uninspected release tarball becomes executable code outside the npm package source review boundary.
Mechanism
verified remote runtime download, extraction, and later execution
Rationale
No inspected code shows exfiltration, destructive actions, stealth persistence, or AI-agent control-surface mutation. The package is nevertheless an opaque staged executable payload carrier activated by lifecycle download and later CLI execution.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjssrc/launcher.mjsgenerated/agenc-runtime-manifest.json~/.agenc/runtime/0.4.0
Network endpoints5
github.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.0/agenc-runtime-0.4.0-darwin-arm64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.0/agenc-runtime-0.4.0-darwin-x64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.0/agenc-runtime-0.4.0-linux-arm64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.0/agenc-runtime-0.4.0-linux-x64.tar.gzgithub.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.0/agenc-runtime-0.4.0-win-x64.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `scripts/postinstall.mjs` on install.
  • `scripts/postinstall.mjs` downloads a runtime unless CI/skip is set.
  • `lib/runtime-manager.mjs` fetches and extracts a platform tarball into `~/.agenc/runtime/0.4.0`.
  • `src/launcher.mjs` later executes the extracted runtime and can start its daemon.
  • The downloaded runtime payload is not included for source inspection.
Evidence against
  • Manifest URLs are fixed to the package-aligned `github.com/tetsuo-ai/agenc-releases` repository.
  • `lib/runtime-manager.mjs` verifies each artifact SHA-256 before extraction.
  • No source evidence of credential harvesting, exfiltration, shell injection, or foreign AI-agent configuration writes.
  • Postinstall does not execute the downloaded runtime and treats fetch failures as non-fatal.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 23.1 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings