registry  /  @cyberocean/khabot-studio  /  2.2.1

@cyberocean/khabot-studio@2.2.1

Visual IDE for KhaBot CLI agents — drag-and-drop canvas, real-time chat, and agent editor

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack is present. On explicit `khabot-studio` launch, the package installs its own bundled agent into the selected project and starts a local orchestration server with agent, terminal, and user-script capabilities.

Static reason
No blocking static signals were detected.
Trigger
User runs `khabot-studio` against a project.
Impact
The launched Studio can modify its selected project and exposes powerful capabilities to its installed agent and user-authored scripts; no unconsented external exfiltration or foreign control-surface mutation was confirmed.
Mechanism
First-party agent deployment plus local agent/terminal/script execution features.
Rationale
The package is not concretely malicious, but its user-triggered startup deploys a package-owned agent and exposes high-impact local execution capabilities. Per policy, this warrants a warning rather than a block.
Evidence
package.jsonbin/khabot-studio.jsserver/index.jsserver/utils/config.jsserver/utils/install-builtin-agents.jsserver/utils/terminal-manager.jsbuilt-in-agents/studio-assistant/tools/.shared/remote.jsbuilt-in-element-apps/script-node/backend.js<project>/.khabot/agents/<project>/.khabot-studio/builtin-versions.json
Network endpoints2
registry.npmjs.org/@cyberocean/khabot-studio/latestlocalhost:5050

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `server/index.js` invokes bundled-agent installation at CLI server startup.
  • `server/utils/install-builtin-agents.js` copies package agents into `<project>/.khabot/agents/`.
  • `built-in-agents/studio-assistant/tools/.shared/remote.js` exposes remote-method execution to the installed agent.
  • `built-in-element-apps/script-node/backend.js` executes user-configured code with `new Function` and `require`.
  • `server/utils/terminal-manager.js` creates interactive PTYs with the inherited environment.
Evidence against
  • `package.json` has no preinstall, install, or postinstall hook.
  • Registry access in `bin/khabot-studio.js` occurs only for explicit `--check-for-update`.
  • Configured KhaBot traffic defaults to localhost in `server/utils/config.js`.
  • No inspected source exfiltrates credentials or targets external credential/config paths.
  • The large worker is UTF-8 JavaScript and the WOFF2 artifact is a normal web font.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 95 file(s), 387 KB of source, external domains: registry.npmjs.org

Source & flagged code

5 flagged · loading source
built-in-element-apps/script-node/backend.jsView file
28// `new Function` raises a real SyntaxError BEFORE anything is swapped. L29: const fn = new Function('define', 'ctx', 'require', `'use strict';\n${String(code ?? '')}`) L30: fn(define, ctx, require)
Low
Eval

Package source references a known benign dynamic code generation pattern.

built-in-element-apps/script-node/backend.jsView on unpkg · L28
bin/khabot-studio.jsView file
3L4: const path = require('path') L5:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/khabot-studio.jsView on unpkg · L3
nuxt-app/.output/public/_nuxt/materialdesignicons-webfont.Dp5v-WZN.woff2View file
path = nuxt-app/.output/public/_nuxt/materialdesignicons-webfont.Dp5v-WZN.woff2 kind = high_entropy_blob sizeBytes = 403216 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

nuxt-app/.output/public/_nuxt/materialdesignicons-webfont.Dp5v-WZN.woff2View on unpkg
nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.jsView file
path = nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.js kind = payload_in_excluded_dir sizeBytes = 7020496 magicHex = [redacted]
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.jsView on unpkg
path = nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.js kind = oversized_source_file sizeBytes = 7020496 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

nuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.jsView on unpkg

Findings

3 High4 Medium6 Low
HighShips High Entropy Blobnuxt-app/.output/public/_nuxt/materialdesignicons-webfont.Dp5v-WZN.woff2
HighPayload In Excluded Dirnuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.js
HighOversized Source Filenuxt-app/.output/public/_nuxt/ts.worker-B0yERHG1.js
MediumDynamic Requirebin/khabot-studio.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalbuilt-in-element-apps/script-node/backend.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License