registry  /  @codevineai/cli  /  0.2.20260708203235

@codevineai/cli@0.2.20260708203235

CodeVine AI CLI — setup, sync, and manage your Claude Code environment

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time behavior was found. Runtime has a risky obfuscated self-updating CLI that can execute cached CodeVine code and user-invoked AI client setup/upload features.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Running the codevineai CLI after install
Impact
May execute newer cached CLI code from the user's home directory and alter AI client configuration when explicitly commanded.
Mechanism
obfuscated self-update and user-command agent/client configuration
Rationale
Source inspection supports a warning for obfuscated remote-update/agent-extension lifecycle risk, but not a malicious block because the install hook is inert and no concrete exfiltration, destructive action, or unconsented install-time AI-agent control-surface mutation was confirmed.
Evidence
package.jsondist/cli.cjs~/.codevineai/bin/<host>/cli.cjs~/.codevineai/bin/<host>/version.txt
Network endpoints3
codevine.ai/app/cli/cli.cjsregistry.npmjs.org/@codevineai%2fcli/latestlocalhost

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json has a postinstall require of ./dist/postinstall.cjs, but that file is absent so it is caught and inert.
  • dist/cli.cjs is heavily obfuscated after line 95, obscuring runtime behavior.
  • dist/cli.cjs loads and executes newer cached code from ~/.codevineai/bin/<host>/cli.cjs via require().
  • Decoded strings expose self-update endpoints for https://codevine.ai/app/cli/cli.cjs and npm latest metadata.
  • CLI exposes install/setup/uninstall commands for Claude/AI client support and an upload command for Claude Code conversation logs.
Evidence against
  • Only package files present are package.json and dist/cli.cjs; no bundled postinstall payload exists.
  • Install-time hook does not mutate files because dist/postinstall.cjs is missing and errors are swallowed.
  • Agent/client mutation appears tied to explicit user commands, not npm install.
  • Network endpoints are package-aligned CodeVine/npm update/auth functionality.
  • No clear credential exfiltration, destructive action, or stealth persistence confirmed from static inspection.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 1 file(s), 186 KB of source, external domains: codevine.ai, registry.npmjs.org

Source & flagged code

6 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "try{require('./dist/postinstall.cjs')}catch{}"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "try{require('./dist/postinstall.cjs')}catch{}"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
dist/cli.cjsView file
94if (!globalThis.__CODEVINE_SHIM_HANDLED) { L95: const _0x358c91=_0x2c9a;(function(_0x5bbdca,_0x5921e4){const _0x48f3a4=_0x2c9a,_0x522140=_0x5bbdca();while(!![]){try{const _0x274f8b=-parseInt(_0x48f3a4(0x1c0))/0x1*(-parseInt(_0x4... L96: }
High
Child Process

Package source references child process execution.

dist/cli.cjsView on unpkg · L94
94if (!globalThis.__CODEVINE_SHIM_HANDLED) { L95: const _0x358c91=_0x2c9a;(function(_0x5bbdca,_0x5921e4){const _0x48f3a4=_0x2c9a,_0x522140=_0x5bbdca();while(!![]){try{const _0x274f8b=-parseInt(_0x48f3a4(0x1c0))/0x1*(-parseInt(_0x4... L96: }
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/cli.cjsView on unpkg · L94
94if (!globalThis.__CODEVINE_SHIM_HANDLED) { L95: const _0x358c91=_0x2c9a;(function(_0x5bbdca,_0x5921e4){const _0x48f3a4=_0x2c9a,_0x522140=_0x5bbdca();while(!![]){try{const _0x274f8b=-parseInt(_0x48f3a4(0x1c0))/0x1*(-parseInt(_0x4... L96: }
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/cli.cjsView on unpkg · L94
13if (!globalThis.__CODEVINE_CACHED) { L14: const _fs = require('node:fs'); L15: const _path = require('node:path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/cli.cjsView on unpkg · L13

Findings

1 Critical5 High4 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/cli.cjs
HighSame File Env Network Executiondist/cli.cjs
HighObfuscated Payload Loaderdist/cli.cjs
HighObfuscated
MediumDynamic Requiredist/cli.cjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License