mycel-cli@0.3.6

mycel — AI agent orchestration. Coordinate teams of Claude, Gemini, Cursor, and other AI agents.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

The package is a thin npm installer for a native mycel CLI binary. The unresolved risk is install-time download and execution of a remote release artifact, but no source-level malicious behavior is present in the package files.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
Unpinned remote binary execution at install time if the upstream release asset is compromised or changed.
Mechanism
downloads GitHub release tarball, extracts mycel binary, chmods it, and executes mycel version
Attack narrative
On install, install.mjs detects the platform, queries GitHub for the latest rpuneet/mycel release, downloads a matching tar.gz, extracts the mycel binary into bin/mycel, chmods it executable, and runs it with the version argument. This is documented installer behavior, but it creates install-time remote binary execution risk.
Rationale
Source inspection found a package-aligned binary installer with unpinned install-time download and execution, but no concrete malicious payload, exfiltration, persistence, or foreign AI-agent control-surface mutation. Treat as a warning-level remote binary installer risk rather than a publish block.
Evidence
package.json, install.mjs, bin/mycel, README.md
Network endpoints (2)
  • api.github.com/repos/rpuneet/mycel/releases/latest
  • github.com/rpuneet/mycel/releases/download/v${version}/mycel_${version}_${os}_${arch}.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.mjs
  • install.mjs fetches latest release metadata from api.github.com instead of pinning package version
  • install.mjs downloads a platform tar.gz from GitHub Releases, writes bin/mycel, chmods it executable, then runs bin/mycel version
Evidence against
  • Only package files present are package.json, install.mjs, bin/mycel, README.md, LICENSE
  • bin/mycel is a placeholder shell script until install.mjs replaces it
  • No credential/env harvesting, destructive file operations, persistence, shell startup/VCS hook writes, or AI-agent config/control-surface mutation found
  • Network use is aligned with documented binary installation from rpuneet/mycel GitHub releases
Behavioral surface
Source
ChildProcess, Filesystem, Network, Shell
Supply chain
UrlStrings
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 6.31 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged
package.json
scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json

Findings

1 High, 2 Medium, 3 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Network
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings