registry  /  gurtcli  /  0.1.0

gurtcli@0.1.0

A coding agent in your terminal. Type what you want. It does the rest.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

Install-time code downloads and installs a native executable without integrity verification. The runtime CLI delegates execution to that installed binary, so JS source alone cannot establish binary behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall, then user runs gurtcli
Impact
Unverified remote binary can execute as the installing/running user if the release asset is malicious or replaced.
Mechanism
install-time native binary download and CLI spawn wrapper
Attack narrative
On npm install, install.js selects platform and architecture, downloads a tar.gz from the package's GitHub releases, extracts it into the package bin directory, makes it executable, and cli.js later spawns it. No malicious source behavior is visible, but the unverified binary payload is outside the inspected JS source trust boundary.
Rationale
The package has a real install-time native payload delivery path without integrity verification, but the endpoint is package-aligned and no exfiltration, persistence, or foreign agent-control mutation is present in inspected source. This warrants warning rather than publish blocking from static source inspection alone.
Evidence
package.jsoninstall.jscli.jsbin/gurtclibin/gurtcli.exeos.tmpdir()/gurtcli-*
Network endpoints1
github.com/gru/gurtcli/releases/download/v0.1.0/gurtcli_0.1.0_<platform>_<arch>.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads platform tar.gz from GitHub releases during install
  • install.js extracts downloaded archive and chmods bin/gurtcli executable
  • cli.js spawns bin/gurtcli with user arguments
  • No checksum/signature verification before installing executable
Evidence against
  • Download URL is package-aligned: github.com/gru/gurtcli releases
  • No credential, env, or filesystem harvesting found in JS wrapper
  • No AI-agent control-surface writes or persistence hooks found
  • Only package-local bin/ and OS temp directory are written
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.45 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings