AI Security Review
scanned 3h ago · by lpm-firewall-ainpm postinstall fetches a large platform-specific runtime tarball from GitHub Releases, verifies a package-bundled SHA-256, and extracts it under ~/.agenc. The visible launcher later executes that opaque fetched runtime and may request its daemon start.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install triggers best-effort prefetch; invoking agenc executes the extracted runtime.
Impact
Remote payload contents are not present for source review; the package creates an opaque executable payload path outside node_modules.
Mechanism
SHA-pinned remote runtime download, extraction, and later execution
Rationale
No concrete malicious behavior is visible in the reviewed launcher source, but it is an install-time remote payload carrier that later executes opaque downloaded code. The postinstall hook does not execute the payload, so blocking is not justified under the stated policy.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjsgenerated/agenc-runtime-manifest.jsonsrc/launcher.mjs~/.agenc/runtime/<version>/$TMPDIR/agenc-runtime-<version>-<pid>.tar.gz
Network endpoints1
github.com
Decision evidence
public snapshotAI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall.
- scripts/postinstall.mjs imports ensureRuntime during npm install.
- lib/runtime-manager.mjs downloads a platform tarball and extracts it to ~/.agenc.
- generated/agenc-runtime-manifest.json points to SHA-256-pinned GitHub release tarballs.
- src/launcher.mjs executes the extracted runtime and can autostart its daemon.
Evidence against
- Postinstall is non-fatal and skips when CI=true or AGENC_SKIP_POSTINSTALL=1.
- Downloaded tarballs are SHA-256 verified before extraction.
- No credential harvesting, exfiltration, eval, or foreign AI-agent config writes appear in inspected source.
- The lifecycle hook fetches and extracts but does not execute the runtime during installation.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings