registry  /  clipal  /  0.21.2

clipal@0.21.2

Clipal CLI installer for the local LLM API gateway

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The package uses an npm postinstall hook to fetch and install a platform-specific native executable. No malicious behavior is visible in the JavaScript source, but the install-time remote binary creates unresolved executable payload risk.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall; later user invokes clipal CLI
Impact
Installs and executes a package-local native binary that was not present for source inspection.
Mechanism
install-time remote native binary download with checksum verification from the same release source
Attack narrative
On installation, postinstall resolves the OS/architecture asset, downloads checksums.txt and the matching Clipal binary from a GitHub releases base URL, verifies the binary hash against that checksum file, then copies it into vendor and makes it executable. The CLI wrapper checks that vendor binary exists and spawns it with user arguments. The inspected JS does not steal data or mutate agent settings, but the binary itself was remote and unavailable in the package source.
Rationale
This is not enough to call malicious because the behavior is disclosed, package-aligned, checksum-checked, and lacks concrete exfiltration or persistence in inspected source. It should be warned because install-time fetching and installing an opaque native executable leaves unresolved payload risk, especially with a host override environment variable.
Evidence
package.jsonscripts/postinstall.jsbin/clipal.jsREADME.mdvendor/clipalvendor/clipal.exeos.tmpdir()/clipal-npm-*/checksums.txtos.tmpdir()/clipal-npm-*/clipal-*
Network endpoints5
github.com/PAIArtCom/Clipal/releases/downloadclipal.paiart.comgithub.com/PAIArtCom/Clipal.gitgithub.com/PAIArtCom/Clipal/issuesregistry.npmjs.org/

Decision evidence

public snapshot
AI called this Suspicious at 80.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node ./scripts/postinstall.js
  • scripts/postinstall.js downloads checksums.txt and a platform executable during install
  • scripts/postinstall.js allows CLIPAL_NPM_BASE_URL to override the release download host
  • Downloaded executable is copied to vendor/clipal or vendor/clipal.exe and chmodded executable
  • bin/clipal.js later spawns the downloaded native binary
Evidence against
  • Download URLs default to package-aligned GitHub releases for PAIArtCom/Clipal
  • scripts/postinstall.js verifies SHA-256 against checksums.txt before installing the binary
  • No source evidence of credential harvesting, persistence, destructive behavior, or agent control-surface writes
  • No import-time execution beyond declared npm lifecycle; CLI execution is user-invoked after install
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 4.92 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings