mycel-cli@0.3.9

mycel — AI agent orchestration. Coordinate teams of Claude, Gemini, Cursor, and other AI agents.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

The package has install-time remote binary download and execution, which is a real supply-chain risk but appears package-aligned and documented. No confirmed malicious payload or unconsented foreign AI-agent control mutation is present in the shipped source.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall
Impact
Installs and briefly executes a remote mycel binary as the installing user
Mechanism
platform-specific GitHub release binary downloader and verifier
Attack narrative
On npm install, install.mjs detects the platform, queries GitHub for the latest rpuneet/mycel release, downloads the matching tar.gz, extracts a mycel executable into bin/mycel, chmods it, and runs mycel version. This creates install-time remote code execution risk, especially because it may use the latest release rather than the npm package version, but the behavior is documented and aligned with the CLI installer purpose.
Rationale
Static inspection found a documented package-aligned binary installer with install-time network download and execution, but no source evidence of malware, exfiltration, persistence, or agent control hijack. The unresolved risk is remote binary delivery at lifecycle time, so warn rather than block.
Evidence
package.json, install.mjs, bin/mycel, README.md
Network endpoints (2)
api.github.com/repos/rpuneet/mycel/releases/latest
github.com/rpuneet/mycel/releases/download/v{version}/mycel_{version}_{os}_{arch}.tar.gz

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node install.mjs
  • install.mjs downloads a platform tar.gz from GitHub Releases during npm install
  • install.mjs writes extracted binary to bin/mycel and chmods it executable
  • install.mjs runs the downloaded binary with execFileSync(BIN_PATH, ["version"])
Evidence against
  • README.md accurately documents the postinstall binary download behavior
  • Download hosts are package-aligned: rpuneet/mycel GitHub API and releases
  • No credential/env harvesting, home-directory agent config writes, persistence, destructive file operations, or broad AI-agent control-surface mutation found
  • bin/mycel is only a placeholder shell script before install
Behavioral surface
Source
ChildProcess, Filesystem, Network, Shell
Supply chain
UrlStrings
Manifest
No manifest risk signals triggered.
scanned 1 file(s), 6.31 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged
package.json
scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json

Findings

1 High · 2 Medium · 3 Low
  • High · Install Time Lifecycle Scripts · package.json
  • Medium · Ambiguous Install Lifecycle Script · package.json
  • Medium · Network
  • Low · Scripts Present
  • Low · Filesystem
  • Low · Url Strings