registry  /  apteva  /  0.24.16

apteva@0.24.16

AI agent platform with multi-thread orchestration, MCP integrations, and dashboard

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface in the inspected npm source. The install hook is a package-aligned binary installer for the Apteva CLI, with broad agent capabilities only after user invocation.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs apteva bin
Impact
Installs and launches Apteva's own binaries; no source evidence of unconsented foreign agent control-surface mutation or exfiltration.
Mechanism
GitHub release binary download, extraction, symlink setup, and CLI binary spawn
Rationale
Static inspection found a postinstall binary installer and CLI shim consistent with the package's documented Apteva agent platform, but no malicious install-time behavior, secret theft, persistence outside its namespace, or foreign AI-agent hijack. The scanner signals are explained by package-aligned download/extract/spawn behavior.
Evidence
package.jsoninstall.jscli.jsREADME.md~/.apteva/releases/apteva-0.24.16-<platform>-<arch>.tar.gz~/.apteva/versions/0.24.16/~/.apteva/bin/current~/.apteva/bin/apteva~/.apteva/bin/apteva-server~/.apteva/bin/apteva-core./apteva./apteva-server./apteva-core
Network endpoints2
github.com/apteva/apteva/releases/download/v0.24.16/apteva-0.24.16-<platform>-<arch>.tar.gzgithub.com/apteva/apteva/releases/tag/v0.24.16

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json runs postinstall: node install.js
  • install.js downloads a platform tarball from GitHub releases and extracts it with tar
  • install.js writes binaries, tarballs, and symlinks under APTEVA_HOME default ~/.apteva
  • cli.js spawns the resolved apteva binary and passes through process.env
Evidence against
  • No code writes Claude/Codex/Cursor/MCP config or other foreign AI-agent control surfaces
  • No credential harvesting or outbound exfiltration logic found in JS source
  • Network access is package-aligned to github.com/apteva/apteva release assets
  • Install-time writes are limited to package install dir and first-party ~/.apteva namespace
  • Runtime agent capabilities are activated by user invoking the apteva CLI
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
29const http = require("http"); L30: const { execSync } = require("child_process"); L31:
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L29
27const path = require("path"); L28: const https = require("https"); L29: const http = require("http"); L30: const { execSync } = require("child_process"); L31: ... L40: // by hand; both files are short and the shape is fixed. L41: const APTEVA_HOME = process.env.APTEVA_HOME || path.join(os.homedir(), ".apteva"); L42: const VERSIONS_DIR = path.join(APTEVA_HOME, "versions");
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

install.jsView on unpkg · L27

Findings

4 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighShell
HighSame File Env Network Executioninstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings