registry  /  @tetsuo-ai/agenc  /  0.6.0

@tetsuo-ai/agenc@0.6.0

Public AgenC CLI launcher package

AI Security Review

scanned 3h ago · by lpm-firewall-ai

npm postinstall fetches a large platform-specific runtime tarball from GitHub Releases, verifies a package-bundled SHA-256, and extracts it under ~/.agenc. The visible launcher later executes that opaque fetched runtime and may request its daemon start.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install triggers best-effort prefetch; invoking agenc executes the extracted runtime.
Impact
Remote payload contents are not present for source review; the package creates an opaque executable payload path outside node_modules.
Mechanism
SHA-pinned remote runtime download, extraction, and later execution
Rationale
No concrete malicious behavior is visible in the reviewed launcher source, but it is an install-time remote payload carrier that later executes opaque downloaded code. The postinstall hook does not execute the payload, so blocking is not justified under the stated policy.
Evidence
package.jsonscripts/postinstall.mjslib/runtime-manager.mjsgenerated/agenc-runtime-manifest.jsonsrc/launcher.mjs~/.agenc/runtime/<version>/$TMPDIR/agenc-runtime-<version>-<pid>.tar.gz
Network endpoints1
github.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall.
  • scripts/postinstall.mjs imports ensureRuntime during npm install.
  • lib/runtime-manager.mjs downloads a platform tarball and extracts it to ~/.agenc.
  • generated/agenc-runtime-manifest.json points to SHA-256-pinned GitHub release tarballs.
  • src/launcher.mjs executes the extracted runtime and can autostart its daemon.
Evidence against
  • Postinstall is non-fatal and skips when CI=true or AGENC_SKIP_POSTINSTALL=1.
  • Downloaded tarballs are SHA-256 verified before extraction.
  • No credential harvesting, exfiltration, eval, or foreign AI-agent config writes appear in inspected source.
  • The lifecycle hook fetches and extracts but does not execute the runtime during installation.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 23.3 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings