AI Security Review
scanned 2h ago · by lpm-firewall-aiInstallation retrieves an unverified platform-native executable, which the package launcher runs later. The remote binary is not included in the reviewed package source.
Static reason
One or more suspicious static signals were detected.
Trigger
`npm install` runs postinstall; an explicit `sarvam` or `sarvam-cli` command executes the binary.
Impact
A compromised or replaced release artifact can obtain arbitrary code execution when the CLI is invoked.
Mechanism
postinstall remote binary download, extraction, and launcher execution
Rationale
The source establishes an unverified install-time remote binary delivery and execution chain, so it cannot be marked clean by static inspection. Its repository- and version-aligned endpoint makes concrete malicious intent unproven; warn rather than block.
Evidence
package.jsoninstall.mjsbin/sarvam-cli.mjsbin/native/sarvam-clibin/native/sarvam-cli.exe
Network endpoints1
github.com/prashlkam/Sarvam-CLI/releases/download/v${version}/${archive}
Decision evidence
public snapshotAI called this Suspicious at 93.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `package.json` runs `node install.mjs` as `postinstall`.
- `install.mjs` downloads a versioned native archive from GitHub during install.
- `install.mjs` extracts the archive and writes `bin/native/sarvam-cli`.
- No checksum, signature, or pinned artifact digest verifies the downloaded binary.
- `bin/sarvam-cli.mjs` executes the downloaded native binary with user arguments.
Evidence against
- URLs are fixed to the package's declared GitHub repository and package version.
- The JavaScript source contains no credential harvesting, broad file collection, or exfiltration.
- No AI-agent configuration mutation, persistence hook, or destructive action is present in inspected source.
Behavioral surface
ChildProcessFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node install.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node install.mjs
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings