detecting-malicious-npm-packages
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The helper script
scripts/agent.pyusessubprocess.runto execute system commands includingnpm,guarddog, andtar. The implementation follows best practices by passing commands as lists rather than shell strings, which mitigates common command injection risks. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download of npm package tarballs for analysis. In
scripts/agent.py, theurllib.request.urlretrievefunction is used to fetch tarballs from the npm registry. The workflow also utilizescurlfor manual downloads. - [REMOTE_CODE_EXECUTION]: The skill documents a 'detonation' step (Step 8) which involves running
npm installon suspect packages. This inherently triggers the execution of package lifecycle scripts. The skill provides prominent warnings that this should only be performed in isolated, disposable environments. - [SAFE_PRACTICES]: The script
scripts/agent.pyincludes a path-traversal check during tarball extraction (if not m.name.startswith(('/', '..'))) and explicitly instructs the user to acquire packages with scripts disabled (--ignore-scripts) during the triage process.
Audit Metadata