registry  /  gurtcli  /  0.9.0

gurtcli@0.9.0

A coding agent in your terminal. Type what you want. It does the rest.

AI Security Review

scanned 5d ago · by lpm-firewall-ai

The package is a thin npm wrapper that downloads and runs a platform native binary. Static JS inspection does not show concrete malicious behavior, but the install-time fetched binary is not inspectable in this package source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user invoking gurtcli runs cli.js
Impact
Unresolved supply-chain risk from code fetched during installation; no confirmed malicious action in package source.
Mechanism
install-time remote binary download and runtime native binary spawn
Attack narrative
On install, install.js selects OS/architecture, downloads a tar.gz from the package's GitHub release for v0.9.0 into a temporary directory, extracts it into ./bin, and makes the resulting binary executable. cli.js later checks for that binary and spawns it with inherited stdio and user-provided arguments. The inspected package source does not itself harvest credentials, persist, mutate agent control surfaces, or exfiltrate data.
Rationale
The lifecycle script fetches and installs an opaque native executable, which is a real unresolved risk by source-only inspection, but the visible JS behavior is package-aligned and lacks concrete attack behavior. This warrants warning rather than blocking.
Evidence
package.jsoninstall.jscli.jsbin/gurtclibin/gurtcli.exe/tmp/gurtcli-*
Network endpoints1
github.com/gru/gurtcli/releases/download/v0.9.0/gurtcli_0.9.0_<goos>_<goarch>.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.js
  • install.js downloads a platform archive from GitHub releases during install and extracts it with tar
  • cli.js spawns a downloaded native binary from ./bin with user arguments
Evidence against
  • No source code writes AI-agent config, shell startup files, VCS hooks, or persistence locations
  • No credential/env harvesting or exfiltration logic in inspected JS files
  • Network endpoint is package-aligned GitHub releases for the declared repository/version
  • No bundled payload files were present in the extracted package
Behavioral surface
Source
ChildProcessFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.45 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings