registry  /  canary-test-cli  /  5.6.0

canary-test-cli@5.6.0

Canary — AI-powered test automation agent

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a postinstall binary downloader plus CLI wrapper, which matches a binary CLI distribution pattern but lacks an in-package checksum.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user running canary invokes bin/canary.js
Impact
Installs and executes a package-provided native binary when invoked by the user; no source evidence of exfiltration or unauthorized mutation
Mechanism
GitHub release binary download and execFileSync CLI wrapper
Rationale
Source inspection shows install-time network download and later execution of a GitHub release binary, but those behaviors are package-aligned for a CLI binary installer and are constrained to expected hosts. No credential theft, data exfiltration, persistence, destructive behavior, or unconsented AI-agent control mutation was found in package source.
Evidence
package.jsonscripts/install.jsbin/canary.jsbin/canarybin/canary.exe
Network endpoints6
github.com/bop-clocktower/canary/releases/download/v5.6.0/canary-linux-x64github.com/bop-clocktower/canary/releases/download/v5.6.0/canary-darwin-arm64github.com/bop-clocktower/canary/releases/download/v5.6.0/canary-win32-x64.exegithub.comobjects.githubusercontent.comrelease-assets.githubusercontent.com

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall: node scripts/install.js
  • scripts/install.js downloads a platform binary during install
  • bin/canary.js executes the downloaded bin/canary or bin/canary.exe via execFileSync
Evidence against
  • scripts/install.js downloads only from GitHub release URL for package version
  • redirect validation restricts hosts to github.com and GitHub asset hosts
  • No env/credential/file harvesting found
  • No persistence, destructive actions, eval/vm/Function, or AI-agent control-surface writes found
  • bin/canary.js only forwards user CLI args to package binary
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.60 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings