registry  /  canary-test-cli  /  5.7.0

canary-test-cli@5.7.0

Canary — AI-powered test automation agent

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Install-time code fetches an executable from a GitHub release and stores it in `bin/`. A later explicit CLI invocation runs that unverified executable. No confirmed data-exfiltration or AI-agent control-surface behavior is present.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` downloads the binary; running `canary` executes it.
Impact
A compromised or substituted release asset could run arbitrary code when the CLI is invoked.
Mechanism
Unverified install-time remote binary bootstrapper
Rationale
Source confirms an unverified install-time executable download and later execution path. The destination and redirect allowlist look package-aligned, so this is a warning-level staged-payload risk rather than confirmed malware.
Evidence
package.jsonscripts/install.jsbin/canary.jsbin/canarybin/canary.exe
Network endpoints4
github.com/bop-clocktower/canary/releases/download/v5.7.0/canary-{platform}github.comobjects.githubusercontent.comrelease-assets.githubusercontent.com

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `package.json` defines `postinstall: node scripts/install.js`.
  • `scripts/install.js` downloads a platform-specific executable during installation.
  • The download has no checksum, signature, or pinned artifact verification.
  • `scripts/install.js` writes and marks `bin/canary`/`bin/canary.exe` executable.
  • `bin/canary.js` executes the downloaded binary on explicit `canary` use.
Evidence against
  • Release URL is fixed to the package's GitHub repository and version.
  • Redirects are restricted to three GitHub-owned hosts.
  • No credential harvesting, environment collection, AI-agent mutation, or destructive logic appears in inspected files.
  • The installer downloads but does not execute the binary during `postinstall`.
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.60 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings