Is ndjordjevic/pinrag safe to install?

ndjordjevic/pinrag was flagged as CRITICAL RISK (risk score 293) with 22 findings detected across 133 files. Review the findings before installing.

What security issues were found in ndjordjevic/pinrag?

Sigil detected 22 findings in ndjordjevic/pinrag, including patterns related to install_hooks, provenance, code_patterns, network_exfil, obfuscation. See the full scan report for details.

Scans/github/ndjordjevic/pinrag

ndjordjevic/pinrag

github

Summary

ndjordjevic/pinrag v2026-03-22 was classified as CRITICAL RISK with a risk score of 293. Sigil detected 22 findings across 133 files, covering phases including install hooks, provenance, code patterns, network exfiltration, obfuscation. Review the findings below before installing this package.

Package description: A powerful RAG (Retrieval-Augmented Generation) system built with LangChain, designed as an MCP server for Cursor, VS Code, and other AI assistants

CRITICAL RISK(293)

v2026-03-22

22 March 2026, 23:57 UTC

by Sigil Bot

Risk Score

293

Findings

Files Scanned

133

Provenance

Registry

https://github.com/ndjordjevic/pinrag

Repository

https://github.com/ndjordjevic/pinrag

Scanned From

https://github.com/ndjordjevic/pinrag.git

Findings by Phase

•

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

repo/.github/workflows/publish.yml:23

      - name: Install uv
        run: curl -LsSf https://astral.sh/uv/install.sh | sh

Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-pip-setup-exec

CRITICAL

setup.py executes code at install time

repo/notes/implementation-checklist.md:284

### Monitoring & Observability
- [x] **Metrics & Logging** — LangSmith for query performance (latency, timing, token usage); README documents setup (notes/langsmith-setup.md). Tool completion timing logged when PINRAG_LOG_TO_STDERR=true. Error tracking via existing exception logging. Retrieval quality metrics remain eval-only (LLM-as-judge per query is costly).

Why was this flagged?

This setup.py calls subprocess, os.system, exec, or eval during package installation. Legitimate packages rarely need to execute arbitrary commands at install time. This pattern is commonly used by malicious packages to download and run payloads, exfiltrate environment variables, or establish persistence. Rated CRITICAL because it runs with the installer's full permissions.

Badge

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/github/ndjordjevic/pinrag)](https://sigilsec.ai/scans/D1FE48FE-29C8-4C07-88E7-FF3B9738141F)

HTML

<a href="https://sigilsec.ai/scans/D1FE48FE-29C8-4C07-88E7-FF3B9738141F"><img src="https://sigilsec.ai/badge/github/ndjordjevic/pinrag" alt="Sigil Scan"></a>

Run This Scan Yourself