registry  /  mycel-cli  /  0.3.8

mycel-cli@0.3.8

mycel — AI agent orchestration. Coordinate teams of Claude, Gemini, Cursor, and other AI agents.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Install-time script downloads a remote release binary and executes it for version verification. This is package-aligned but creates unpinned install-time remote code execution risk.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install or npm install -g
Impact
Remote release content can replace bin/mycel and run during install verification; no source evidence of exfiltration or malicious behavior in the npm package itself.
Mechanism
postinstall GitHub release binary downloader and verifier
Rationale
Static source inspection does not establish malicious intent or attack behavior, but the postinstall path downloads and executes an unpinned remote binary from GitHub Releases. This warrants a warning rather than a publish block.
Evidence
package.jsoninstall.mjsbin/mycelREADME.md
Network endpoints2
api.github.com/repos/rpuneet/mycel/releases/latestgithub.com/rpuneet/mycel/releases/download/v${version}/mycel_${version}_${os}_${arch}.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node install.mjs
  • install.mjs fetches latest release metadata from https://api.github.com/repos/rpuneet/mycel/releases/latest
  • install.mjs downloads a platform tarball from GitHub Releases, writes bin/mycel, chmods it executable, then runs bin/mycel version
  • getVersion prefers latest GitHub release over the npm package version, so install artifact is not pinned to 0.3.8
Evidence against
  • Network endpoints are package-aligned to the declared repository rpuneet/mycel
  • No credential, env, SSH, or project file harvesting found
  • No eval/vm/Function, shell string execution, persistence, destructive action, or AI-agent config mutation found
  • bin/mycel is only a placeholder shell script before postinstall
  • README openly documents the binary download behavior
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 6.31 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings