registry  /  @tetsuo-ai/agenc  /  0.4.1

@tetsuo-ai/agenc@0.4.1

Public AgenC CLI launcher package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time download, checksum verification, and extraction of the package runtime into `~/.agenc`. The CLI later starts its own runtime daemon.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` triggers postinstall; invoking `agenc` resolves the runtime and may autostart its daemon.
Impact
Remote runtime code is introduced during install, but the inspected launcher has no concrete malicious behavior or foreign control-surface mutation.
Mechanism
Package-owned runtime bootstrap from hash-pinned GitHub Release artifacts.
Rationale
The postinstall hook is a transparent, package-aligned runtime bootstrap that downloads only manifest-pinned, SHA-256-verified artifacts into its own cache. Static source inspection found no concrete exfiltration, stealth persistence, destructive action, or foreign AI-agent control-surface mutation.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjsgenerated/agenc-runtime-manifest.jsonsrc/launcher.mjs~/.agenc/runtime/<version>
Network endpoints1
github.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.1/

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • `package.json` runs `scripts/postinstall.mjs` on install.
  • `scripts/postinstall.mjs` invokes `ensureRuntime()` unless CI/skip is set.
  • `lib/runtime-manager.mjs` downloads and extracts a large remote runtime during postinstall.
  • `src/launcher.mjs` autostarts a daemon on CLI invocation.
Evidence against
  • `generated/agenc-runtime-manifest.json` pins GitHub release URLs and SHA-256 hashes.
  • `lib/runtime-manager.mjs` verifies the downloaded archive hash before extraction.
  • Writes are limited to the package-owned `~/.agenc/runtime/<version>` cache and temp archive.
  • No credential harvesting, environment exfiltration, eval, or foreign AI-agent config writes found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 23.1 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings