registry  /  teleforge-ai  /  1.0.15

teleforge-ai@1.0.15

TELEFORGE AI - AI-powered development tool

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The package is a JavaScript wrapper/downloader for a native Teleforge CLI binary. Risk remains because install-time code fetches a separate platform package and drops an executable not present in this tarball.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; teleforge CLI invocation can also download and run the binary
Impact
Executes a native binary obtained from npm platform packages or GitHub releases; source package itself shows no exfiltration or control-surface hijack.
Mechanism
platform binary downloader and executable launcher
Rationale
Static inspection found a real staged native-binary download/execute path, including install-time executable creation, but no source evidence of credential theft, destructive behavior, stealth persistence, or AI-agent control hijack. This should warn rather than block because the behavior is package-aligned yet the executable payload is outside the reviewed source tarball.
Evidence
package.jsonscript/postinstall.mjsbin/teleforgeREADME.md.teleforge/tmp/teleforge-install-*/tmp/teleforge-dl-*node_modules/teleforge-<platform>-<arch>/bin/teleforge
Network endpoints1
github.com/TELEFORGEAI/TELEFORGE/releases/download/v1.0.3/<asset>

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Unknown with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node ./script/postinstall.mjs
  • script/postinstall.mjs invokes npm install for platform package teleforge-<platform>-<arch>@1.0.4 during install
  • script/postinstall.mjs copies/links downloaded binary to .teleforge and chmods it executable
  • bin/teleforge downloads release archives from GitHub and extracts/runs a cached .teleforge binary when invoked
  • bin/teleforge uses tar/PowerShell extraction and child_process.spawn to execute the native binary
Evidence against
  • No credential, environment, SSH, or home-directory harvesting found in package source
  • No AI-agent configuration or foreign control-surface writes found
  • Postinstall package selection is derived from OS/CPU only, not attacker/user-controlled arguments
  • Network activity is package-aligned binary acquisition for the Teleforge CLI
  • No destructive persistence beyond cached project package binary .teleforge was observed
Behavioral surface
Source
ChildProcessFilesystemShell
Supply chainNo supply-chain packaging signals triggered.
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 4.72 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./script/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./script/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High1 Medium2 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
LowScripts Present
LowFilesystem