AI Security Review
scanned 1d ago · by lpm-firewall-ai
No confirmed malicious attack surface was established by source inspection. The package has a risky but package-aligned postinstall binary acquisition path for a local AI CLI.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; later user runs tura CLI
Impact
Installs release binaries into package target/release; no confirmed unconsented foreign agent control-surface mutation or data exfiltration.
Mechanism
platform binary install/copy and CLI delegation
Rationale
The lifecycle hook performs package-aligned release artifact installation and does not execute planted agent instructions, mutate foreign AI-agent surfaces, or harvest credentials. The remaining network, shell, and profile-modification primitives are either runtime functionality of the AI coding platform or explicitly user-invoked setup scripts, so the package is not malicious by static source inspection.
Evidence
- package.json
- scripts/npm/install-release.mjs
- scripts/npm/release-artifacts.mjs
- npm/tura.mjs
- scripts/register-cli.sh
- scripts/register-cli.ps1
- target/release
- crates/provider/config/provider_config.json
- assets/tura/icon.ico
Network endpoints (1)
github.com/Tura-AI/test-tura/releases/download
Decision evidence
public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- package.json defines postinstall: node ./scripts/npm/install-release.mjs
- scripts/npm/install-release.mjs downloads and extracts platform release archives when optional platform package is absent
- scripts/register-cli.sh/ps1 can modify user PATH/profile files, but is not called by postinstall
Evidence against
- npm/tura.mjs only delegates user-invoked CLI args to packaged release binary
- postinstall copies optional platform package artifacts or downloads from package-aligned GitHub release URL
- No install-time writes to Claude/Codex/Cursor/MCP control surfaces found
- No credential harvesting or exfiltration logic found in npm entrypoint or postinstall
- Provider endpoints and token env names are app configuration for an AI tool, not install-time exfiltration
- High-entropy assets are normal icon files under assets/tura
Behavioral surface
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
HighEntropyStrings, Obfuscated, UrlStrings
CopyleftLicense
Source & flagged code
4 flagged
package.json
• scripts.postinstall = node ./scripts/npm/install-release.mjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
scripts/check-backend-quality.ps1
• path = scripts/check-backend-quality.ps1
kind = build_helper
sizeBytes = 3962
magicHex = [redacted]
Medium
Ships Build Helper
Package ships non-JavaScript build or shell helper files.
assets/tura/icon.ico
• path = assets/tura/icon.ico
kind = high_entropy_blob
sizeBytes = 11142
magicHex = [redacted]
High
Ships High Entropy Blob
Package ships high-entropy non-source blobs.
scripts/tests/scripts/test-install.ps1
• path = scripts/tests/scripts/test-install.ps1
kind = payload_in_excluded_dir
sizeBytes = 26985
magicHex = [redacted]
High
Payload In Excluded Dir
Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
Findings
4 High · 4 Medium · 5 Low
- High: Install Time Lifecycle Scripts (package.json)
- High: Obfuscated
- High: Ships High Entropy Blob (assets/tura/icon.ico)
- High: Payload In Excluded Dir (scripts/tests/scripts/test-install.ps1)
- Medium: Network
- Medium: Environment Vars
- Medium: Ships Build Helper (scripts/check-backend-quality.ps1)
- Medium: Structural Risk Force Deep Review
- Low: Scripts Present
- Low: Filesystem
- Low: High Entropy Strings
- Low: Url Strings
- Low: Copyleft License