registry  /  gurtcli  /  0.4.0

gurtcli@0.4.0

A coding agent in your terminal. Type what you want. It does the rest.

AI Security Review

scanned 6d ago · by lpm-firewall-ai

The package installs by downloading and extracting a platform-specific native binary from GitHub releases, then the CLI wrapper executes that binary. The JavaScript source itself does not show data theft, persistence, or control-surface hijacking, but the runtime payload is not present for source inspection.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall and later user-invoked gurtcli command
Impact
Uninspected release binary executes with user privileges when invoked; install hook writes the binary into the package bin directory.
Mechanism
install-time remote native binary download and CLI spawn
Attack narrative
On install, install.js selects the current OS/architecture, downloads a gurtcli release archive from GitHub, extracts it with tar into ./bin, and marks it executable. The published source then exposes cli.js as the bin entry, which spawns the installed native binary with the user's arguments.
Rationale
Static source inspection shows a staged native payload delivery pattern, but the endpoint is package-aligned and there is no confirmed malicious JS behavior or unconsented mutation of foreign control surfaces. Treat as unresolved binary-carrier risk rather than publish-block malware.
Evidence
package.jsoninstall.jscli.jsbin/gurtclibin/gurtcli.exeos.tmpdir()/gurtcli-*
Network endpoints1
github.com/gru/gurtcli/releases/download/v0.4.0/gurtcli_0.4.0_<goos>_<goarch>.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform archive from GitHub releases during install
  • install.js extracts the downloaded tar.gz via execSync tar into ./bin
  • cli.js spawns ./bin/gurtcli with inherited stdio
Evidence against
  • No credential/env harvesting found in inspected JS
  • No persistence, shell startup, VCS hook, or AI-agent control-surface writes found
  • Network endpoint is package-aligned GitHub release URL
  • No obfuscated JS, eval/vm/Function, or reviewer-prompt injection found
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.45 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings