Skip to main content
Scans/pypi/neurostack

neurostack

pypi

Share

Summary

neurostack v0.7.5 was classified as CRITICAL RISK with a risk score of 796. Sigil detected 65 findings across 193 files, covering phases including provenance, install hooks, network exfiltration, code patterns, obfuscation. Review the findings below before installing this package.

Package description: Build, maintain, and search your knowledge vault. CLI + MCP server with stale note detection, semantic search, and neuroscience-grounded memory.

CRITICAL RISK(796)

v0.7.5

21 March 2026, 23:13 UTC

by Sigil Bot

Risk Score

796

Findings

65

Files Scanned

193

Provenance

Registry

https://pypi.org/project/neurostack/0.7.5/

Findings by Phase

Phase Ordering

Phases are ordered by criticality, with the most dangerous at the top. Click any phase header to expand or collapse its findings. Critical phases are expanded by default.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/PKG-INFO:79

# One-line script
curl -fsSL https://raw.githubusercontent.com/raphasouthall/neurostack/main/install.sh | bash
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/README.md:32

# One-line script
curl -fsSL https://raw.githubusercontent.com/raphasouthall/neurostack/main/install.sh | bash
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/install.sh:7

# NeuroStack Installer
# Usage: curl -fsSL https://raw.githubusercontent.com/raphasouthall/neurostack/main/install.sh | bash
# Options: NEUROSTACK_MODE=full (default: lite)
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/install.sh:54

    info "Installing uv..."
    curl -LsSf https://astral.sh/uv/install.sh | sh
    export PATH="$HOME/.local/bin:$PATH"
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-npm-postinstall

CRITICAL

npm lifecycle script — runs automatically on install

neurostack-0.7.5/npm/package.json:10

  "scripts": {
    "postinstall": "node postinstall.js",
    "preuninstall": "node preuninstall.js"
Why was this flagged?

npm lifecycle scripts like postinstall run automatically during package installation with no user interaction required. This is the #1 attack vector for malicious npm packages — attackers embed data theft or backdoor installation in these hooks. Rated CRITICAL because code executes before the developer can review it.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/src/neurostack/cli.py:1356

            ["bash", "-c",
             "curl -fsSL https://ollama.com/install.sh | sh"],
            timeout=120,
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/src/neurostack/cli.py:1676

            print("  \033[31muv:       NOT FOUND\033[0m")
            print("  Install:  curl -LsSf https://astral.sh/uv/install.sh | sh")
            sys.exit(1)
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/src/neurostack/cli.py:1753

        print("  \033[31m✗\033[0m uv not found.")
        print("  Install: curl -LsSf https://astral.sh/uv/install.sh | sh")
        sys.exit(1)
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

install-makefile-curl

HIGH

Makefile/script pipes remote content to shell

neurostack-0.7.5/tests/podman_integration.sh:10

# --- Setup ---
curl -LsSf https://astral.sh/uv/install.sh | sh 2>/dev/null
export PATH="$HOME/.local/bin:$PATH"
Why was this flagged?

A script or Makefile pipes content from a remote URL directly into a shell (curl | sh or wget | bash). This is inherently dangerous because the remote content can change at any time, and the command runs with the current user's permissions. Rated HIGH because it requires manual execution (unlike install hooks) but still executes arbitrary remote code.

Badge

Sigil scan badge for pypi/neurostack

Markdown

[![Sigil Scan](https://sigilsec.ai/badge/pypi/neurostack)](https://sigilsec.ai/scans/FDA3C3CA-6910-4D7A-95E5-2A074C708190)

HTML

<a href="https://sigilsec.ai/scans/FDA3C3CA-6910-4D7A-95E5-2A074C708190"><img src="https://sigilsec.ai/badge/pypi/neurostack" alt="Sigil Scan"></a>

Run This Scan Yourself

Scan your own packages

Run Sigil locally to audit any package before it touches your codebase.

curl -sSL https://sigilsec.ai/install.sh | sh
Read the docs →Free. Apache 2.0.

Early Access

Get cloud scanning, threat intel, and CI/CD integration.

Join 150+ developers on the waitlist.

Get threat intelligence and product updates

Security research, new threat signatures, and product updates. No spam.

Other pypi scans

tokenfence

v0.3.0

LOW RISK0

pg-r2-backup

v1.0.7

MEDIUM RISK15

fenix-mcp

v2.17.2

MEDIUM RISK12

agnt

v0.12.12

HIGH RISK32

workos-jira-mcp-server

v1.0.1

MEDIUM RISK24

Believe this result is incorrect? Request a review or see our Terms of Service and Methodology.

Scanned bySigil Bot
← Back to Scan Database