registry  /  gitrunbykaru  /  2.0.1

gitrunbykaru@2.0.1

Run conventional GitHub repositories locally with one command.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

An explicit CLI command clones and executes an arbitrary GitHub repository locally. Dependency installation and launch commands are intentionally unsandboxed, so a malicious target repository can execute code and receive inherited environment variables.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `gitrunbykaru <repo-url>`.
Impact
Target-repository scripts and dependency lifecycle hooks can execute with the invoking user's privileges.
Mechanism
Clone, install, and run an untrusted repository.
Rationale
The package contains a real, intentional unsandboxed arbitrary-repository execution capability, but no hidden package-level malicious behavior was found. Flag as a dangerous capability rather than block it as malware.
Evidence
package.jsonbin/gitrunbykaru.jssrc/index.jssrc/clone.jssrc/detect.jssrc/runner.jssrc/strategies/node.jssrc/strategies/python.js<cloned-repo>/.env
Network endpoints2
github.comlocalhost

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `src/clone.js` clones a user-supplied repository into a temporary directory.
  • `src/strategies/node.js` runs package-manager installs in the clone, including lifecycle hooks.
  • `src/runner.js` runs detected project commands with inherited `process.env`.
  • `src/runner.js` creates `<cloned-repo>/.env` from an example file without sandboxing.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare hook.
  • `bin/gitrunbykaru.js` activates behavior only after an explicit CLI invocation.
  • No source exfiltrates credentials or contacts a non-local service beyond Git cloning.
  • No eval, payload download, persistence, destructive action, or AI-agent configuration write was found.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 29.2 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
src/runner.jsView file
1import { spawn, spawnSync } from 'child_process'; L2: import { log, printSuccess, printError, printWarning } from './logger.js';
High
Child Process

Package source references child process execution.

src/runner.jsView on unpkg · L1
src/strategies/node.jsView file
25spinner.text = ' npm ci failed, falling back to npm install...'; L26: execSync('npm install --prefer-offline --no-audit --no-fund', { L27: cwd: dir,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/strategies/node.jsView on unpkg · L25

Findings

3 High2 Medium3 Low
HighChild Processsrc/runner.js
HighShell
HighRuntime Package Installsrc/strategies/node.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings