AI Security Review
scanned 6d ago · by lpm-firewall-aiThe package installs by downloading and extracting a platform-specific native binary from GitHub releases, then the CLI wrapper executes that binary. The JavaScript source itself does not show data theft, persistence, or control-surface hijacking, but the runtime payload is not present for source inspection.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall and later user-invoked gurtcli command
Impact
Uninspected release binary executes with user privileges when invoked; install hook writes the binary into the package bin directory.
Mechanism
install-time remote native binary download and CLI spawn
Attack narrative
On install, install.js selects the current OS/architecture, downloads a gurtcli release archive from GitHub, extracts it with tar into ./bin, and marks it executable. The published source then exposes cli.js as the bin entry, which spawns the installed native binary with the user's arguments.
Rationale
Static source inspection shows a staged native payload delivery pattern, but the endpoint is package-aligned and there is no confirmed malicious JS behavior or unconsented mutation of foreign control surfaces. Treat as unresolved binary-carrier risk rather than publish-block malware.
Evidence
package.jsoninstall.jscli.jsbin/gurtclibin/gurtcli.exeos.tmpdir()/gurtcli-*
Network endpoints1
github.com/gru/gurtcli/releases/download/v0.4.0/gurtcli_0.4.0_<goos>_<goarch>.tar.gz
Decision evidence
public snapshotAI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads a platform archive from GitHub releases during install
- install.js extracts the downloaded tar.gz via execSync tar into ./bin
- cli.js spawns ./bin/gurtcli with inherited stdio
Evidence against
- No credential/env harvesting found in inspected JS
- No persistence, shell startup, VCS hook, or AI-agent control-surface writes found
- Network endpoint is package-aligned GitHub release URL
- No obfuscated JS, eval/vm/Function, or reviewer-prompt injection found
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings