AI Security Review
scanned 3h ago · by lpm-firewall-aiAn explicit CLI command clones and executes an arbitrary GitHub repository locally. Dependency installation and launch commands are intentionally unsandboxed, so a malicious target repository can execute code and receive inherited environment variables.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `gitrunbykaru <repo-url>`.
Impact
Target-repository scripts and dependency lifecycle hooks can execute with the invoking user's privileges.
Mechanism
Clone, install, and run an untrusted repository.
Rationale
The package contains a real, intentional unsandboxed arbitrary-repository execution capability, but no hidden package-level malicious behavior was found. Flag as a dangerous capability rather than block it as malware.
Evidence
package.jsonbin/gitrunbykaru.jssrc/index.jssrc/clone.jssrc/detect.jssrc/runner.jssrc/strategies/node.jssrc/strategies/python.js<cloned-repo>/.env
Network endpoints2
github.comlocalhost
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `src/clone.js` clones a user-supplied repository into a temporary directory.
- `src/strategies/node.js` runs package-manager installs in the clone, including lifecycle hooks.
- `src/runner.js` runs detected project commands with inherited `process.env`.
- `src/runner.js` creates `<cloned-repo>/.env` from an example file without sandboxing.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- `bin/gitrunbykaru.js` activates behavior only after an explicit CLI invocation.
- No source exfiltrates credentials or contacts a non-local service beyond Git cloning.
- No eval, payload download, persistence, destructive action, or AI-agent configuration write was found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcesrc/runner.jsView file
1import { spawn, spawnSync } from 'child_process';
L2: import { log, printSuccess, printError, printWarning } from './logger.js';
High
src/strategies/node.jsView file
25spinner.text = ' npm ci failed, falling back to npm install...';
L26: execSync('npm install --prefer-offline --no-audit --no-fund', {
L27: cwd: dir,
High
Runtime Package Install
Package source invokes a package manager install command at runtime.
src/strategies/node.jsView on unpkg · L25Findings
3 High2 Medium3 Low
HighChild Processsrc/runner.js
HighShell
HighRuntime Package Installsrc/strategies/node.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings