
curiocity@0.1.1

Evals/testing harness that drives interactive coding-agent CLIs over a real PTY.

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is an eval harness that, when explicitly run, creates temp workspaces, launches configured agent CLIs, and records trial artifacts.

Static reason
One or more suspicious static signals were detected.
Trigger
Runtime surface: the user explicitly invokes the curiocity CLI. Install surface: npm runs the declared postinstall hook, whose target file is absent from the package; node exits non-zero on the missing module, so a default npm install aborts at that step unless run with --ignore-scripts.
Impact
User-authorized local CLI execution and result artifact writes; no source evidence of exfiltration, persistence, or unconsented global agent mutation.
Mechanism
agent-evaluation harness with temp workspace provisioning
Rationale
The suspicious primitives are package-aligned for an explicit coding-agent evaluation harness and are guarded to temp/workspace scopes. The lifecycle hook is broken/missing rather than a confirmed payload, and inspection found no credential harvesting, exfiltration, persistence, or install-time agent control hijack.
Evidence
  • package.json
  • README.md
  • dist/cli.js
  • dist/chunk-5YZPDJNM.js
  • dist/curion/main.js
Network endpoints (3)
  • griddynamics.github.io/rosetta/
  • git+https://github.com/griddynamics/rosetta.git
  • github.com/griddynamics/rosetta/issues
These are the package.json homepage, repository and bugs URLs (note that the repository field names griddynamics/rosetta rather than a curiocity repository); they are metadata references, consistent with the finding of no exfiltration endpoints in the shipped code.

Decision evidence

public snapshot
The AI classifier rated this package Clean (benign) at 86.0% confidence, with low false-positive risk.
Evidence for block
  • package.json declares postinstall "node scripts/fix-pty-perms.mjs", but no scripts/ file is present in the package.
  • Runtime can launch agent CLIs and user-configured shell setup/evaluator commands, but only via explicit curiocity CLI use.
Evidence against
  • Only published files are package.json, README.md, and dist outputs; no hidden install payload found.
  • The postinstall target is not present anywhere in the package, and dist/cli.js contains no install-time code that writes agent configs.
  • dist/chunk-5YZPDJNM.js renders Claude/Codex hooks/MCP config only into temp workspace or ctrl dirs during trials.
  • Codex adapter sets CODEX_HOME to a per-trial temp dir and refuses global plugin provisioning.
  • Claude adapter refuses plugin provisioning that would mutate global ~/.claude.
  • Child env filtering rejects secret-shaped env vars before worker launch.
Behavioral surface
Source
Source: Child Process, Crypto, Environment Vars, Filesystem, Shell
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 3 file(s), 192 KB of source

Source & flagged code

1 flagged
package.json: scripts.postinstall = node scripts/fix-pty-perms.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.
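The flagged finding is a declared install-time hook whose target file is not in the published tarball. The check a reviewer wants here is mechanical: for every npm lifecycle hook, extract the files the command references and compare them against the shipped file list, so that a hook with a missing target (broken, as here), a hook with a present target (read it), and a hook that runs an inline command with no file at all (the usual hiding place) are each reported distinctly. The following is an added example written for this review, not curiocity's own code; the function names and the sample package.json/file list are constructed to mirror the scan above.

```javascript
// Added example (not curiocity's own code): audit npm lifecycle scripts against the files
// actually shipped in the tarball, reproducing the flagged finding. Function names and the
// sample data below are assumptions constructed for this illustration.

// Hooks npm runs automatically on install or publish, i.e. without the user invoking the CLI.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare", "prepublish", "prepublishOnly"];

// Strip a leading "./" so "./dist/cli.js" and "dist/cli.js" compare equal.
function normalizePath(p) {
  return p.replace(/^\.\//, "");
}

// Pull file-looking tokens (relative path with a script extension) out of a shell command.
// A command like "tsup" or "node -e ..." yields no file references.
function referencedFiles(command) {
  return command
    .split(/\s+/)
    .map((tok) => tok.replace(/^["']|["']$/g, ""))
    .filter((tok) => /^[\w.\/-]+\.(m?js|cjs|sh|py|ts)$/.test(tok))
    .map(normalizePath);
}

// One finding per declared lifecycle hook.
//   target-missing : referenced file not in the tarball; node exits non-zero on the missing
//                    module and the install fails, so no payload runs (the case on this page)
//   review-target  : referenced file is shipped; that file is what must be read
//   inline-command : no file referenced at all; the command line itself is the payload surface
function auditLifecycleScripts(pkg, publishedFiles) {
  const shipped = new Set(publishedFiles.map(normalizePath));
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = pkg.scripts && pkg.scripts[hook];
    if (!command) continue;
    const refs = referencedFiles(command);
    const missing = refs.filter((f) => !shipped.has(f));
    const status = refs.length === 0 ? "inline-command" : missing.length ? "target-missing" : "review-target";
    findings.push({ hook, command, referencedFiles: refs, missing, status });
  }
  return findings;
}

// Constructed sample mirroring the scan: the postinstall target is not among the published files.
const SAMPLE_PKG = {
  name: "curiocity",
  version: "0.1.1",
  scripts: { postinstall: "node scripts/fix-pty-perms.mjs", build: "tsup" },
};
const SAMPLE_FILES = ["package.json", "README.md", "dist/cli.js", "dist/chunk-5YZPDJNM.js", "dist/curion/main.js"];

console.log(JSON.stringify(auditLifecycleScripts(SAMPLE_PKG, SAMPLE_FILES), null, 2));
```

In practice the file list comes from the tarball itself (npm pack --dry-run --json, or the tar listing of the downloaded .tgz), not from the "files" field in package.json, since the field is a filter on what gets published rather than a record of what was published.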


Findings

1 High, 1 Medium, 2 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem