registry  /  mycel-cli  /  0.3.10

mycel-cli@0.3.10

mycel — AI agent orchestration. Coordinate teams of Claude, Gemini, Cursor, and other AI agents.

AI Security Review

scanned 18h ago · by lpm-firewall-ai

The package is an npm wrapper that installs a prebuilt first-party mycel binary from GitHub Releases. Static source shows install-time download and local binary replacement, but no confirmed malicious behavior in the JavaScript package itself.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install/postinstall
Impact
Executes downloaded package binary for version verification during install; runtime behavior depends on the fetched upstream binary.
Mechanism
platform binary downloader and extractor
Rationale
The suspicious lifecycle/network signals are explained by a documented package-aligned binary installer, with no evidence of exfiltration, persistence, control-surface hijacking, or untrusted shell execution in the inspected source. The lack of pinned checksums/signature verification is supply-chain risk but not concrete malicious behavior for this source review.
Evidence
package.jsoninstall.mjsbin/mycelREADME.md
Network endpoints2
api.github.com/repos/rpuneet/mycel/releases/latestgithub.com/rpuneet/mycel/releases/download/v${version}/mycel_${version}_${os}_${arch}.tar.gz

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • postinstall runs install.mjs on npm install
  • install.mjs fetches latest release metadata from api.github.com and downloads a platform tarball from github.com/rpuneet/mycel
  • install.mjs extracts an executable to bin/mycel and runs bin/mycel version during install
Evidence against
  • package contains only package.json, install.mjs, README.md, LICENSE, and placeholder bin/mycel
  • download hosts are package-aligned GitHub repository/release URLs documented in README.md
  • no credential/env harvesting, destructive file operations, persistence, shell startup/VCS hook writes, or foreign AI-agent config writes found
  • child_process use is execFileSync(BIN_PATH, ['version']) with no shell and fixed arguments
  • bin/mycel placeholder only prints an install failure message and exits
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 6.31 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings