registry  /  apteva  /  0.24.18

apteva@0.24.18

AI agent platform with multi-thread orchestration, MCP integrations, and dashboard

AI Security Review

scanned 9d ago · by lpm-firewall-ai

Install hook fetches and stages first-party native binaries, then the CLI runs them on user invocation. This is a package-aligned binary installer but source inspection cannot validate the downloaded payload.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install/npx install runs postinstall; user later runs apteva
Impact
Unverified native executable is installed under package-owned ~/.apteva paths and later executed by cli.js
Mechanism
postinstall remote binary download and local shim execution
Rationale
The postinstall binary download and execution pathway is real but package-aligned and disclosed by the package purpose; no source evidence shows exfiltration, destructive behavior, persistence outside package-owned paths, or foreign AI-agent control hijacking. Because the downloaded native payload is not inspectable from this package source and lacks visible integrity verification, downgrade to warn rather than block or mark fully clean.
Evidence
package.jsoninstall.jscli.jsREADME.md~/.apteva/releases/apteva-0.24.18-<platform>-<arch>.tar.gz~/.apteva/versions/0.24.18/~/.apteva/bin/current~/.apteva/bin/apteva~/.apteva/bin/apteva-server~/.apteva/bin/apteva-core./apteva./apteva-server./apteva-core
Network endpoints2
github.com/apteva/apteva/releases/download/v0.24.18/apteva-0.24.18-<platform>-<arch>.tar.gzgithub.com/apteva/apteva/releases/tag/v0.24.18

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node install.js
  • install.js downloads platform tarball from GitHub releases during install
  • install.js writes binaries under ~/.apteva/versions/0.24.18 and copies them into package dir
  • install.js extracts via execSync tar and can fallback to go build
  • cli.js spawns resolved apteva binary with inherited environment
Evidence against
  • Network target is package-aligned: github.com/apteva/apteva releases
  • No credential harvesting or exfiltration found in JS sources
  • No foreign AI-agent config/control-surface mutation found
  • Runtime execution is through declared bin cli.js after user invokes apteva
  • Only package-owned ~/.apteva paths are modified
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 10.1 KB of source, external domains: github.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
install.jsView file
29const http = require("http"); L30: const { execSync } = require("child_process"); L31:
High
Child Process

Package source references child process execution.

install.jsView on unpkg · L29
27const path = require("path"); L28: const https = require("https"); L29: const http = require("http"); L30: const { execSync } = require("child_process"); L31: ... L40: // by hand; both files are short and the shape is fixed. L41: const APTEVA_HOME = process.env.APTEVA_HOME || path.join(os.homedir(), ".apteva"); L42: const VERSIONS_DIR = path.join(APTEVA_HOME, "versions");
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

install.jsView on unpkg · L27

Findings

4 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processinstall.js
HighShell
HighSame File Env Network Executioninstall.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings