@sciagent/cli @1.0.69
Vulnerability report · Last retrieved from osv.dev July 16, 2026 at 7:58 PM UTC
OSV ID
MAL-2026-10718
Ecosystem
npm
Summary
scripts/postinstall.js fetches a ~10MB+ 'sciagent' executable over HTTPS from https://u250924-adc6-f977430f.westb.seetacloud.com:8443 (a rented seetacloud.com subdomain that does not match the package's declared publisher), writes it to ~/.sciagent/bin/sciagent, chmods it 0755, and the CLI shim subsequently spawns it. No hash, signature, or publisher check is performed on the fetched bytes; the URL is also overridable via a RELEASE_SERVER_URL environment variable. A fallback branch runs an unpinned npm install -g @tencent-ai/codebuddy-code at postinstall time and writes a wrapper that requires the resolved codebuddy-headless.js, so whatever version of that unrelated third-party package is current at install time is auto-installed globally and loaded by the sciagent CLI. Publisher metadata (gitee garva/research-agent, 'SciAgent Team') does not match either the seetacloud host or the poisondrinker/research-agent GitHub fallback referenced in the same script. Installing the package causes the installer's machine to execute opaque bytes retrieved from a non-publisher host at install time.
Source: amazon-inspector (310123a94891174b8cfa55def38b6e916b89d43306a52793739f26289fe51e4d)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.