registry  /  @happy-creative/seed-code  /  0.0.1

@happy-creative/seed-code@0.0.1

SEED - AI-powered coding assistant

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No unconsented install-time attack surface is established. User-invoked commands can install extensions and apply standalone updates, creating a meaningful but explicit agent-tool lifecycle capability.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs `seed extensions install`, enables extension updates, or invokes the CLI with update-capable settings.
Impact
A user-approved extension or update source can change the tool's own runtime/extension state; no malicious chain was confirmed.
Mechanism
Explicit extension installation and runtime standalone self-update.
Rationale
The scanner's large bundles, native tools, WASM, dynamic imports, and network primitives are consistent with a bundled coding assistant. The explicit extension/update lifecycle capability warrants a warning, but the inspected source does not substantiate malicious behavior.
Evidence
package.jsoncli-entry.jschunks/chunk-JJV5MLJ6.jschunks/chunk-CPXGW7M2.jschunks/chunk-RYJVBI6K.jscli.js

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `cli-entry.js` launches the CLI only when the user invokes `seed`; no npm lifecycle hook exists.
  • `chunks/chunk-JJV5MLJ6.js` exposes explicit extension install/update commands that can fetch and write agent-extension state.
  • `chunks/chunk-CPXGW7M2.js` supports standalone auto-update after runtime update information.
Evidence against
  • `package.json` has no `preinstall`, `install`, `postinstall`, or uninstall script.
  • `cli-entry.js` only dispatches CLI arguments and spawns Node with `--expose-gc`.
  • No inspected source showed credential harvesting, secret exfiltration, stealth persistence, or foreign-agent configuration mutation.
  • Native `rg` and Tree-sitter WASM are packaged CLI tooling artifacts, not a confirmed payload chain.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
Manifest
NoLicense
scanned 638 file(s), 38.0 MB of source, external domains: 127.0.0.1, 169.254.169.254, accounts.google.com, aiplatform.googleapis.com, api.anthropic.com, api.dingtalk.com, api.github.com, api.openai.com, api.sgroup.qq.com, api.telegram.org, bots.qq.com, bucket.example.com, cdn.example.com, cdn.jsdelivr.net, chat.seed.ai, chevrotain.io, claudemarketplaces.com, cloud.google.com, cloudresourcemanager.googleapis.com, codeload.github.com, coding-intl.dashscope.aliyuncs.com, coding.dashscope.aliyuncs.com, crystal-lang.org, dashscope.aliyuncs.com, dev.w3.org, developer.mozilla.org, docs.anthropic.com, docs.expo.dev, docs.microsoft.com, docs.neo4j.org, dotenvx.com, dummy.com, empty.invalid, en.cppreference.com, en.wikipedia.org, example.com, fb.me, fburl.com, fetch.spec.whatwg.org, fishshell.com, geminicli.com, generativelanguage.googleapis.com, gist.githubusercontent.com, git.new, github.com, help.openai.com, host.docker.internal, ilinkai.weixin.qq.com, jimmy.warting.se, jquery.org
Oversized source lightweight scan
chunks/chunk-RYJVBI6K.js5.34 MB file, sampled 256 KB
FilesystemNetworkChildProcessEvalCryptoHighEntropyStringsUrlStringsgithub.com
chunks/chunk-W3CISIOJ.js2.77 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsCryptoHighEntropyStringsUrlStringswww.apache.org
chunks/dist-SSFTJIK7.js4.56 MB file, sampled 256 KB
FilesystemNetworkChildProcessCryptoHighEntropyStringsUrlStringsopen.feishu.cnopen.larksuite.com
web-shell/assets/index-BoIx7ai5.js2.03 MB file, sampled 256 KB
NetworkHighEntropyStringsMinifiedUrlStringsgithub.comreact.dev

Source & flagged code

15 flagged · loading source
chunks/tree-sitter-bash-BGOXE3EP.jsView file
8patternName = aws_access_key severity = critical line = 8 matchedText = var tree...A");
Critical
Critical Secret

Package contains a critical-looking secret pattern.

chunks/tree-sitter-bash-BGOXE3EP.jsView on unpkg · L8
8patternName = aws_access_key severity = critical line = 8 matchedText = var tree...A");
Critical
Secret Pattern

AWS access key ID in chunks/tree-sitter-bash-BGOXE3EP.js

chunks/tree-sitter-bash-BGOXE3EP.jsView on unpkg · L8
chunks/lowlight-U5S6WPSE.jsView file
773/** @param {string} s */ L774: exec(s) { L775: this.matcherRe.lastIndex = this.lastIndex;
High
Child Process

Package source references child process execution.

chunks/lowlight-U5S6WPSE.jsView on unpkg · L773
27706L27707: // node_modules/highlight.js/es/languages/powershell.js L27708: init_esbuild_shims();
High
Shell

Package source references shell execution.

chunks/lowlight-U5S6WPSE.jsView on unpkg · L27706
chunks/chunk-5NDHUVDS.jsView file
279site.name = fn.name; L280: var deprecatedfn = new Function( L281: "fn",
Low
Eval

Package source references a known benign dynamic code generation pattern.

chunks/chunk-5NDHUVDS.jsView on unpkg · L279
chunks/chunk-JJV5MLJ6.jsView file
190init_esbuild_shims(); L191: var exec = __require("child_process").exec; L192: var execSync = __require("child_process").execSync; ... L350: }; L351: function findModelConfig(modelProviders, providerProtocol, authType, modelId, baseUrl) { L352: if (!modelProviders || !modelId) { ... L2709: const entries = JSON.parse( L2710: readFileSync(sessionsPath2, "utf-8") L2711: );
High
Remote Agent Bridge

Source exposes local file and command tools to a remote model endpoint.

chunks/chunk-JJV5MLJ6.jsView on unpkg · L190
190init_esbuild_shims(); L191: var exec = __require("child_process").exec; L192: var execSync = __require("child_process").execSync;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

chunks/chunk-JJV5MLJ6.jsView on unpkg · L190
chunks/workflow-6EXGJJOE.jsView file
300} L301: const envSec = Number(process.env["SEED_MAX_WORKFLOW_SECONDS"]); L302: if (Number.isFinite(envSec) && envSec > 0) ... L439: // cannot reach host process. L440: globalThis.args = __b.argsJson === null ? undefined : JSON.parse(__b.argsJson); L441:
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

chunks/workflow-6EXGJJOE.jsView on unpkg · L300
chunks/chunk-OGIOA4CV.jsView file
15L16: // packages/core/node_modules/undici/lib/core/symbols.js L17: var require_symbols = __commonJS({ ... L41: kBodyUsed: Symbol("used"), L42: kBody: Symbol("abstracted request body"), L43: kRunning: Symbol("running"), ... L668: } L669: const code = this.code = key.charCodeAt(index); L670: if (code > 127) { ... L2161: * @type {-2|-1|0|1} L2162: * @private L2163: */
Low
Weak Crypto

Package source references weak cryptographic algorithms.

chunks/chunk-OGIOA4CV.jsView on unpkg · L15
chunks/chunk-RYJVBI6K.jsView file
context = ayload: {\n snapshots: remappedSnapshots.map(serializeSnapshot)\n }\n };\n forked.push(snapshotRecord);\n }\n fs10.mkdirSync(chatsDir, { recursive: true });\n const body2 = forked.map((r2) => JSON.stringify(r2)).join("\n") + "\n";\n let fd;\n try {\n fd = fs10.openSync(targetPath, "wx", 384);\n } catch (err2) {\n if (err2.code === "EEXIST") {\n throw new Error(`Target session file already exists: ${newSessionId}`);\n }\n throw err2;\n }\n try {\n fs10.writeFileSync(fd, body2, { encoding: "utf8" });\n } finally {\n fs10.closeSync(fd);\n }\n await copyFileHistoryBackups(sourceSessionId, newSessionId);\n return { filePath: targetPath, copiedCount: forked.length };\n }\n /**\n * Gets the custom title for a session by reading from its JSONL file.\n *\n * @param sessionId The session ID to look up\n * @returns The custom title, or undefined if none set\n * @remarks Only checks active sessions. Use `getSessionLocation()` or\n * `sessionExistsInAnyStat
Critical
Encrypted Payload Temp Execution

Source decrypts an embedded payload, writes it to disk, and executes it through a child process.

chunks/chunk-RYJVBI6K.jsView on unpkg
chunks/gemini-S7ITV7QO.jsView file
76Cross-file remote execution chain: chunks/gemini-S7ITV7QO.js spawns chunks/chunk-I56HHE2T.js; helper contains network access plus dynamic code execution. L76: import { L77: writeStderrLine L78: } from "./chunk-N6CZ2JVY.js"; ... L185: init_esbuild_shims(); L186: import dns from "node:dns"; L187: import os4 from "node:os"; ... L774: try { L775: const parsed = JSON.parse(raw); L776: return { exists: true, canonical: canonicalize(parsed) }; ... L1119: const trimmed = rawInput.trim(); L1120: const launchCwd = process.cwd(); L1121: const probe = new GitWorktreeService(launchCwd);
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

chunks/gemini-S7ITV7QO.jsView on unpkg · L76
vendor/ripgrep/x64-darwin/rgView file
path = vendor/ripgrep/x64-darwin/rg kind = native_binary sizeBytes = 4742676 magicHex = [redacted]
Medium
Ships Native Binary

Package ships native binary artifacts.

vendor/ripgrep/x64-darwin/rgView on unpkg
vendor/tree-sitter/tree-sitter.wasmView file
path = vendor/tree-sitter/tree-sitter.wasm kind = wasm_module sizeBytes = 190779 magicHex = [redacted]
Medium
Ships Wasm Module

Package ships WebAssembly modules.

vendor/tree-sitter/tree-sitter.wasmView on unpkg
web-shell/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View file
path = web-shell/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 kind = high_entropy_blob sizeBytes = 9644 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

web-shell/assets/KaTeX_Script-Regular-D3wIWfF6.woff2View on unpkg
chunks/chunk-W3CISIOJ.jsView file
path = chunks/chunk-W3CISIOJ.js kind = oversized_source_file sizeBytes = 2902222 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

chunks/chunk-W3CISIOJ.jsView on unpkg

Findings

3 Critical6 High8 Medium8 Low
CriticalCritical Secretchunks/tree-sitter-bash-BGOXE3EP.js
CriticalEncrypted Payload Temp Executionchunks/chunk-RYJVBI6K.js
CriticalSecret Patternchunks/tree-sitter-bash-BGOXE3EP.js
HighChild Processchunks/lowlight-U5S6WPSE.js
HighShellchunks/lowlight-U5S6WPSE.js
HighRemote Agent Bridgechunks/chunk-JJV5MLJ6.js
HighCross File Remote Execution Contextchunks/gemini-S7ITV7QO.js
HighShips High Entropy Blobweb-shell/assets/KaTeX_Script-Regular-D3wIWfF6.woff2
HighOversized Source Filechunks/chunk-W3CISIOJ.js
MediumDynamic Requirechunks/chunk-JJV5MLJ6.js
MediumUnsafe Vm Contextchunks/workflow-6EXGJJOE.js
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumShips Native Binaryvendor/ripgrep/x64-darwin/rg
MediumShips Wasm Modulevendor/tree-sitter/tree-sitter.wasm
MediumStructural Risk Force Deep Review
LowEvalchunks/chunk-5NDHUVDS.js
LowWeak Cryptochunks/chunk-OGIOA4CV.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License