registry  /  teleforge-ai  /  1.0.27

teleforge-ai@1.0.27

TELEFORGE AI - AI-powered development tool

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Installation automatically retrieves an unsigned platform-native archive and executes its binary for a version check. The CLI repeats the remote-binary download and execution path when no cached or companion binary exists. No source evidence shows credential theft, AI-agent control-surface mutation, or destructive behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall; explicit `teleforge` invocation when the local binary is absent
Impact
A compromised release asset or unrestricted redirect target can execute arbitrary native code under the installing user's account.
Mechanism
remote release archive download, extraction, package-local binary replacement, and native process execution
Rationale
Source inspection confirms an install-time remote native payload execution chain with inadequate integrity validation. The available source does not establish malicious intent or a concrete harmful payload, so warning is proportionate rather than blocking.
Evidence
package.jsonscript/postinstall.mjsbin/teleforge.teleforge.teleforge-version
Network endpoints2
github.com/TELEFORGEAI/TELEFORGEE/releases/download/v${version}/${zipName}github.com/TELEFORGEAI/TELEFORGEE/releases/download/v1.0.27/${assetName}

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node ./script/postinstall.mjs` on install.
  • `script/postinstall.mjs` downloads a GitHub release archive, extracts it, and writes `.teleforge`.
  • Postinstall executes the downloaded `.teleforge --version`; version text is the only validation.
  • HTTP redirects are followed without restricting the destination host.
  • `bin/teleforge` can also download, extract, chmod, and execute a release binary.
Evidence against
  • Network URL is fixed to the package-aligned `TELEFORGEAI/TELEFORGEE` GitHub repository.
  • Inspected scripts contain no credential harvesting, data exfiltration, agent-config writes, eval, or destructive project-wide actions.
  • Writes are limited to package-local `.teleforge` and `.teleforge-version` plus temporary directories.
Behavioral surface
Source
ChildProcessFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 6.98 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node ./script/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node ./script/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings