registry  /  @astrale-os/kernel-client  /  0.3.0

@astrale-os/kernel-client@0.3.0

Unified kernel client — protocol-first, transport-agnostic

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a kernel client SDK whose network behavior is runtime, user/config/schema-directed HTTP or WebSocket transport.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm preinstall attempts missing workspace check; runtime API calls may send requests when user constructs and uses a client
Impact
No credential harvesting, persistence, destructive action, or unsolicited control-surface mutation found
Mechanism
client transport library with inert missing preinstall helper
Rationale
Static inspection shows the scary lifecycle hook references a non-packaged helper inside a swallowed try/catch, while published dist code is a normal SDK transport layer activated by user calls. No concrete exfiltration, install-time mutation, payload execution, or AI-agent control-surface write was found.
Evidence
package.jsondist/index.jsdist/client/client.jsdist/transport/fetch.jsdist/transport/http-envelope.jsdist/transport/http-routed.jsdist/transport/ws-envelope.js

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
  • package.json defines preinstall node -e require('./.check-workspace.cjs') catch{}
  • Referenced .check-workspace.cjs is absent from package root, so preinstall does not run package code
Evidence against
  • package.json files only publishes dist; no bin entries
  • dist/index.js is re-export surface with no import-time side effects
  • dist/transport/http-envelope.js and http-routed.js only fetch caller/schema-provided kernel URLs
  • dist/transport/ws-envelope.js opens WebSocket only from constructed client URL at runtime
  • rg found no fs/child_process/native/eval/agent-config mutation indicators in dist
Behavioral surface
Source
FilesystemWebSocket
Supply chain
HighEntropyStrings
Manifest
WildcardDependency
scanned 104 file(s), 348 KB of source

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.preinstall = node -e "try{require('./.check-workspace.cjs')}catch{}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 Critical1 High1 Medium3 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumWildcard Dependency
LowScripts Present
LowFilesystem
LowHigh Entropy Strings