AI Security Review
scanned 5d ago · by lpm-firewall-aiThe package is a thin npm wrapper that downloads and runs a platform native binary. Static JS inspection does not show concrete malicious behavior, but the install-time fetched binary is not inspectable in this package source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking gurtcli runs cli.js
Impact
Unresolved supply-chain risk from code fetched during installation; no confirmed malicious action in package source.
Mechanism
install-time remote binary download and runtime native binary spawn
Attack narrative
On install, install.js selects OS/architecture, downloads a tar.gz from the package's GitHub release for v0.9.0 into a temporary directory, extracts it into ./bin, and makes the resulting binary executable. cli.js later checks for that binary and spawns it with inherited stdio and user-provided arguments. The inspected package source does not itself harvest credentials, persist, mutate agent control surfaces, or exfiltrate data.
Rationale
The lifecycle script fetches and installs an opaque native executable, which is a real unresolved risk by source-only inspection, but the visible JS behavior is package-aligned and lacks concrete attack behavior. This warrants warning rather than blocking.
Evidence
package.jsoninstall.jscli.jsbin/gurtclibin/gurtcli.exe/tmp/gurtcli-*
Network endpoints1
github.com/gru/gurtcli/releases/download/v0.9.0/gurtcli_0.9.0_<goos>_<goarch>.tar.gz
Decision evidence
public snapshotAI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node install.js
- install.js downloads a platform archive from GitHub releases during install and extracts it with tar
- cli.js spawns a downloaded native binary from ./bin with user arguments
Evidence against
- No source code writes AI-agent config, shell startup files, VCS hooks, or persistence locations
- No credential/env harvesting or exfiltration logic in inspected JS files
- Network endpoint is package-aligned GitHub releases for the declared repository/version
- No bundled payload files were present in the extracted package
Behavioral surface
ChildProcessFilesystemNetwork
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings