registry  /  tura-ai  /  0.1.14

tura-ai@0.1.14

Local AI coding system with Rust services, command packages, TUI, and GUI workspaces.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by source inspection. The package has a risky but package-aligned postinstall binary acquisition path for a local AI CLI.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall; later user runs tura CLI
Impact
Installs release binaries into package target/release; no confirmed unconsented foreign agent control-surface mutation or data exfiltration.
Mechanism
platform binary install/copy and CLI delegation
Rationale
The lifecycle hook performs package-aligned release artifact installation and does not execute planted agent instructions, mutate foreign AI-agent surfaces, or harvest credentials. The remaining network, shell, and profile-modification primitives are either runtime functionality of the AI coding platform or explicitly user-invoked setup scripts, so the package is not malicious by static source inspection.
Evidence
package.jsonscripts/npm/install-release.mjsscripts/npm/release-artifacts.mjsnpm/tura.mjsscripts/register-cli.shscripts/register-cli.ps1target/releasecrates/provider/config/provider_config.jsonassets/tura/icon.ico
Network endpoints1
github.com/Tura-AI/test-tura/releases/download

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines postinstall: node ./scripts/npm/install-release.mjs
  • scripts/npm/install-release.mjs downloads and extracts platform release archives when optional platform package is absent
  • scripts/register-cli.sh/ps1 can modify user PATH/profile files, but is not called by postinstall
Evidence against
  • npm/tura.mjs only delegates user-invoked CLI args to packaged release binary
  • postinstall copies optional platform package artifacts or downloads from package-aligned GitHub release URL
  • No install-time writes to Claude/Codex/Cursor/MCP control surfaces found
  • No credential harvesting or exfiltration logic found in npm entrypoint or postinstall
  • Provider endpoints and token env names are app configuration for an AI tool, not install-time exfiltration
  • High-entropy assets are normal icon files under assets/tura
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsObfuscatedUrlStrings
Manifest
CopyleftLicense
scanned 213 file(s), 1.21 MB of source, external domains: 127.0.0.1, cdn.jsdelivr.net, example.test, github.com

Source & flagged code

4 flagged · loading source
package.jsonView file
scripts.postinstall = node ./scripts/npm/install-release.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts/check-backend-quality.ps1View file
path = scripts/check-backend-quality.ps1 kind = build_helper sizeBytes = 3962 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-backend-quality.ps1View on unpkg
assets/tura/icon.icoView file
path = assets/tura/icon.ico kind = high_entropy_blob sizeBytes = 11142 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/tura/icon.icoView on unpkg
scripts/tests/scripts/test-install.ps1View file
path = scripts/tests/scripts/test-install.ps1 kind = payload_in_excluded_dir sizeBytes = 26985 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

scripts/tests/scripts/test-install.ps1View on unpkg

Findings

4 High4 Medium5 Low
HighInstall Time Lifecycle Scriptspackage.json
HighObfuscated
HighShips High Entropy Blobassets/tura/icon.ico
HighPayload In Excluded Dirscripts/tests/scripts/test-install.ps1
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/check-backend-quality.ps1
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License