detecting-malicious-npm-packages

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/agent.py uses subprocess.run to execute system commands including npm, guarddog, and tar. The implementation follows best practices by passing commands as lists rather than shell strings, which mitigates common command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of npm package tarballs for analysis. In scripts/agent.py, the urllib.request.urlretrieve function is used to fetch tarballs from the npm registry. The workflow also utilizes curl for manual downloads.
  • [REMOTE_CODE_EXECUTION]: The skill documents a 'detonation' step (Step 8) which involves running npm install on suspect packages. This inherently triggers the execution of package lifecycle scripts. The skill provides prominent warnings that this should only be performed in isolated, disposable environments.
  • [SAFE_PRACTICES]: The script scripts/agent.py includes a path-traversal check during tarball extraction (if not m.name.startswith(('/', '..'))) and explicitly instructs the user to acquire packages with scripts disabled (--ignore-scripts) during the triage process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 01:35 AM
Security Audit — agent-trust-hub — detecting-malicious-npm-packages