AI Security Review
scanned 2h ago · by lpm-firewall-aiPostinstall fetches a platform-specific runtime archive and writes it under the package-owned AgenC home directory. The launcher later starts that downloaded runtime and may request its daemon startup.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm postinstall stages the archive; explicit `agenc` invocation runs it.
Impact
A mutable remote release artifact becomes executable outside the npm tarball, creating an unreviewable staged-payload risk.
Mechanism
checksum-verified remote runtime bootstrap and execution
Rationale
No concrete credential theft, destructive behavior, or foreign AI-agent control-surface mutation was found in the reviewed source. However, install-time staging of a large remote executable payload leaves material behavior outside the inspectable package.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjsgenerated/agenc-runtime-manifest.jsonsrc/launcher.mjs<AGENC_HOME>/runtime/0.4.3<AGENC_HOME>/daemon.pid<AGENC_HOME>/daemon.cookie
Network endpoints1
github.com
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `scripts/postinstall.mjs` on install.
- `scripts/postinstall.mjs` calls `ensureRuntime()` unless CI or opt-out is set.
- `lib/runtime-manager.mjs` downloads, verifies, and extracts a remote platform tarball.
- The downloaded runtime is absent from this package, so its executable contents cannot be source-reviewed.
Evidence against
- The bundled manifest pins package-aligned GitHub Release URLs and SHA-256 values.
- Checksum mismatch aborts before extraction.
- Postinstall only stages the runtime; the launcher executes it when `agenc` is invoked.
- Reviewed source contains no credential harvesting, foreign agent-config writes, eval, or shell payload execution.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
UrlStrings
Source & flagged code
3 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkglib/runtime-manager.mjsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @tetsuo-ai/agenc@0.4.2
matchedIdentity = npm:QHRldHN1by1haS9hZ2VuYw:0.4.2
similarity = 0.800
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
lib/runtime-manager.mjsView on unpkgFindings
2 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighPrevious Version Dangerous Deltalib/runtime-manager.mjs
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings