Is agent-relay safe to install?

agent-relay was flagged as CRITICAL RISK (risk score 1162) with 83 findings detected across 1170 files. Review the findings before installing.

What security issues were found in agent-relay?

Sigil detected 83 findings in agent-relay, including patterns related to provenance, network_exfil, code_patterns, install_hooks. See the full scan report for details.

agent-relay Security Scan — CRITICAL RISK | Sigil

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/install.sh:5

# Agent Relay Installer
# Usage: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash
#

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/install.sh:555


Or use nvm: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash"
    fi

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/install.sh:803

        echo "     # Using nvm (recommended - works on macOS and Linux)"
        echo "     curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash"
        echo "     source ~/.bashrc  # or ~/.zshrc"

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/install.sh:847

        echo ""
        echo "Usage: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash"
        echo ""

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

package/package.json:88

  "scripts": {
    "postinstall": "node scripts/postinstall.js",
    "build": "npm run clean && npm run build:rust && turbo run build --filter='./packages/*' && tsc",

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

package/packages/openclaw/package.json:29

    "prepack": "npm run build",
    "postinstall": "node -e \"try{require('child_process').execSync('ldd --version 2>&1',{stdio:'pipe'})}catch{try{require('child_process').execSync('apk info gcompat 2>/dev/null',{stdio:'pipe'})}catch{console.warn('\\n\\u26a0\\ufe0f  @agent-relay/openclaw: Alpine detected without gcompat. Spawning requires glibc.\\n   Install with: apk add gcompat libstdc++\\n')}}\""
  },

Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/packages/sdk/dist/client.js:582

        throw new AgentRelayProcessError('Failed to fetch latest agent-relay version from GitHub.\n' +
            'Install manually: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash');
    }

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/packages/sdk/dist/client.js:627

        throw new AgentRelayProcessError(`Failed to install broker binary: ${message}\n` +
            'Install manually: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash');
    }

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/packages/sdk/src/client.ts:814

      'Failed to fetch latest agent-relay version from GitHub.\n' +
        'Install manually: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash'
    );

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/packages/sdk/src/client.ts:862

      `Failed to install broker binary: ${message}\n` +
        'Install manually: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash'
    );

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

package/packages/sdk-py/src/agent_relay/client.py:162

            f"Failed to download broker binary: {e}\n"
            f"You can install manually: curl -fsSL https://raw.githubusercontent.com/AgentWorkforce/relay/main/install.sh | bash"
        ) from e

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

agent-relay

Summary

Provenance

Findings by Phase

Install Hooks

Code Patterns

Network / Exfiltration

Provenance

Badge

Scan your own packages

Get threat intelligence and product updates

Other npm scans