AI Security Review
scanned 6d ago · by lpm-firewall-aiThe package installs and later runs a platform-specific native binary fetched at install time. Source inspection does not show malicious JS behavior, but the downloaded executable is not present in the package and no checksum verification is implemented.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs gurtcli CLI
Impact
Unverified remote binary executes with user privileges if installed or invoked
Mechanism
install-time remote native binary download and CLI spawn
Attack narrative
On install, install.js selects the OS/arch, downloads a release archive from github.com/gru/gurtcli, extracts it into the package bin directory, and marks it executable. The bin entry cli.js then launches that native binary with user-supplied arguments. The endpoint is package-aligned and no source-level exfiltration or persistence is visible, but the package ships a remote executable installer without integrity verification.
Rationale
This is not confirmed malicious from source inspection, but install-time retrieval and execution of an unverifiable native payload leaves unresolved supply-chain risk. Treat as warn rather than block because the network location and runtime behavior are package-aligned and no concrete attack behavior is present in inspected files.
Evidence
package.jsoninstall.jscli.jsbin/gurtclibin/gurtcli.exeos.tmpdir()/gurtcli-*
Network endpoints1
github.com/gru/gurtcli/releases/download/v${version}/${archive}
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads a versioned tar.gz from GitHub releases during install
- install.js extracts the archive with tar and chmods bin/gurtcli executable
- cli.js spawns the installed native binary with inherited stdio
Evidence against
- Only three package files are present: package.json, install.js, cli.js
- Download URL is package-aligned: github.com/gru/gurtcli releases matching package version
- No credential/env harvesting, AI-agent config writes, persistence, or destructive project/home mutations found
- No obfuscated strings, eval/vm/Function, or arbitrary dynamic require/import found
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings