nastech-agentx@0.18.0

npm bridge for Nastech Agent 0.18.0: The self-improving AI agent — creates skills from experience, improves them during use, and runs anywhere

AI Security Review

scanned 4h ago · by lpm-firewall-ai

The npm package is a bridge that automatically installs and launches a pinned Python Nastech Agent runtime. No concrete malicious behavior is present in the npm wrapper source, but install-time pip execution creates package-aligned lifecycle risk.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; later nastech or nastech-agent CLI execution launches Python code
Impact
Python package code and dependencies may be installed into the global or user Python environment during npm install
Mechanism
install-time pip install of pinned Python runtime and CLI delegation
Rationale
Source inspection shows a small npm wrapper whose postinstall installs the package-aligned nastech-agent==0.18.0 Python runtime via pip, with no evidence of credential theft, exfiltration, persistence, or foreign AI-agent control-surface mutation. The automatic cross-ecosystem runtime install is real lifecycle risk, but it is documented and pinned rather than concrete malware.
Evidence
  • package.json
  • scripts/postinstall.js
  • lib/python-launcher.js
  • bin/nastech.js
  • bin/nastech-agent.js
  • README.md
  • SECURITY.md

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • package.json has postinstall: node scripts/postinstall.js
  • scripts/postinstall.js runs python -m pip install --upgrade nastech-agent==0.18.0 at install time
  • scripts/postinstall.js retries with --user if global pip install fails
  • bin/nastech.js and bin/nastech-agent.js launch Python entrypoints from the installed nastech-agent package
Evidence against
  • No curl/wget/fetch or hardcoded exfiltration endpoint in package source
  • No credential, SSH key, npm token, or home-directory harvesting found
  • No writes to Claude/Codex/Cursor/MCP control surfaces in npm package source
  • Lifecycle installs a pinned package-aligned Python runtime documented in README.md and SECURITY.md
Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 5 file(s), 5.71 KB of source

Source & flagged code

2 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

Findings

1 High · 2 Medium · 2 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Environment Vars
  • Low: Scripts Present
  • Low: Filesystem