registry  /  @threadplane/ag-ui  /  0.0.56

@threadplane/ag-ui@0.0.56

AG-UI protocol adapter for @threadplane/chat — works with any AG-UI-compatible backend.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious payload was found in this package's bundled source. The remaining risk is an install-time hook delegated to @threadplane/telemetry, which is package-aligned but not present in this extracted source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs package.json postinstall
Impact
Unresolved install-time execution risk; no confirmed exfiltration, persistence, destructive behavior, or AI-agent control-surface mutation in inspected files.
Mechanism
delegated telemetry postinstall command plus user-configured AG-UI HTTP adapter
Rationale
The package is not malicious based on inspected source, but the install hook delegates execution to a wildcard dependency outside the extracted package, leaving real unresolved install-time risk. This supports a warning rather than a publish block.
Evidence
package.jsonfesm2022/threadplane-ag-ui.mjstypes/threadplane-ag-ui.d.tsREADME.md
Network endpoints3
github.com/cacheplane/angular-agent-framework.gitgithub.com/cacheplane/angular-agent-framework#readmegithub.com/cacheplane/angular-agent-framework/issues

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: threadplane-telemetry-postinstall || true
  • package.json depends on @threadplane/telemetry with wildcard version and executes its bin at install time
Evidence against
  • fesm2022/threadplane-ag-ui.mjs is an Angular/AG-UI adapter with no fs, child_process, eval, or credential harvesting found
  • Runtime network use is user-configured via new HttpAgent({ url: config.url }) in provideAgent
  • Telemetry in bundle only calls an app-provided sink; comments/types state no telemetry is emitted unless provided
  • Exports are library APIs: toAgent, provideAgent, injectAgent, FakeAgent, bridgeCitationsState
Behavioral surface
SourceNo risky source behavior triggered.
Supply chain
HighEntropyStrings
Manifest
WildcardDependency
scanned 1 file(s), 49.8 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = threadplane-telemetry-postinstall || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = threadplane-telemetry-postinstall || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumWildcard Dependency
LowScripts Present
LowHigh Entropy Strings