registry  /  @tetsuo-ai/agenc  /  0.4.3

@tetsuo-ai/agenc@0.4.3

Public AgenC CLI launcher package

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Postinstall fetches a platform-specific runtime archive and writes it under the package-owned AgenC home directory. The launcher later starts that downloaded runtime and may request its daemon startup.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm postinstall stages the archive; explicit `agenc` invocation runs it.
Impact
A mutable remote release artifact becomes executable outside the npm tarball, creating an unreviewable staged-payload risk.
Mechanism
checksum-verified remote runtime bootstrap and execution
Rationale
No concrete credential theft, destructive behavior, or foreign AI-agent control-surface mutation was found in the reviewed source. However, install-time staging of a large remote executable payload leaves material behavior outside the inspectable package.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjsgenerated/agenc-runtime-manifest.jsonsrc/launcher.mjs<AGENC_HOME>/runtime/0.4.3<AGENC_HOME>/daemon.pid<AGENC_HOME>/daemon.cookie
Network endpoints1
github.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `scripts/postinstall.mjs` on install.
  • `scripts/postinstall.mjs` calls `ensureRuntime()` unless CI or opt-out is set.
  • `lib/runtime-manager.mjs` downloads, verifies, and extracts a remote platform tarball.
  • The downloaded runtime is absent from this package, so its executable contents cannot be source-reviewed.
Evidence against
  • The bundled manifest pins package-aligned GitHub Release URLs and SHA-256 values.
  • Checksum mismatch aborts before extraction.
  • Postinstall only stages the runtime; the launcher executes it when `agenc` is invoked.
  • Reviewed source contains no credential harvesting, foreign agent-config writes, eval, or shell payload execution.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 23.3 KB of source, external domains: github.com

Source & flagged code

3 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
lib/runtime-manager.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @tetsuo-ai/agenc@0.4.2 matchedIdentity = npm:QHRldHN1by1haS9hZ2VuYw:0.4.2 similarity = 0.800 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

lib/runtime-manager.mjsView on unpkg

Findings

2 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltalib/runtime-manager.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings