AI Security Review
scanned 2h ago · by lpm-firewall-aiInstall-time download, checksum verification, and extraction of the package runtime into `~/.agenc`. The CLI later starts its own runtime daemon.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` triggers postinstall; invoking `agenc` resolves the runtime and may autostart its daemon.
Impact
Remote runtime code is introduced during install, but the inspected launcher has no concrete malicious behavior or foreign control-surface mutation.
Mechanism
Package-owned runtime bootstrap from hash-pinned GitHub Release artifacts.
Rationale
The postinstall hook is a transparent, package-aligned runtime bootstrap that downloads only manifest-pinned, SHA-256-verified artifacts into its own cache. Static source inspection found no concrete exfiltration, stealth persistence, destructive action, or foreign AI-agent control-surface mutation.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjsgenerated/agenc-runtime-manifest.jsonsrc/launcher.mjs~/.agenc/runtime/<version>
Network endpoints1
github.com/tetsuo-ai/agenc-releases/releases/download/agenc-v0.4.1/
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
- `package.json` runs `scripts/postinstall.mjs` on install.
- `scripts/postinstall.mjs` invokes `ensureRuntime()` unless CI/skip is set.
- `lib/runtime-manager.mjs` downloads and extracts a large remote runtime during postinstall.
- `src/launcher.mjs` autostarts a daemon on CLI invocation.
Evidence against
- `generated/agenc-runtime-manifest.json` pins GitHub release URLs and SHA-256 hashes.
- `lib/runtime-manager.mjs` verifies the downloaded archive hash before extraction.
- Writes are limited to the package-owned `~/.agenc/runtime/<version>` cache and temp archive.
- No credential harvesting, environment exfiltration, eval, or foreign AI-agent config writes found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings