registry  /  @hiver.sh/cli  /  0.1.33

@hiver.sh/cli@0.1.33

Command-line tool for the [Hiver](https://hiver.sh) agent runtime.

AI Security Review

scanned 1h ago · by lpm-firewall-ai

No concrete malicious chain or install-time execution is present. A user-started, unauthenticated local inspector exposes `GET /api/trace?path=...`, which parses and returns an arbitrary readable local JSON file.

Static reason
No blocking static signals were detected.
Trigger
User runs `hiver inspect` and a local or network-reachable client requests `/api/trace?path=<file>`.
Impact
Potential disclosure of readable local JSON content from the machine running the inspector.
Mechanism
Unauthenticated arbitrary local JSON file read in inspector trace endpoint
Rationale
Static source inspection finds a genuine inspector file-read vulnerability but no evidence of stealth, exfiltration, remote payload execution, or unconsented lifecycle mutation. The package is suspicious due to the exposed local-file-read route, not malicious.
Evidence
package.jsonpackages/commands/bin.jspackages/commands/dist/cli.jspackages/commands/dist/install-skill/install.jspackages/commands/dist/docker.jspackages/inspector-server/dist/routes/trace.jspackages/commands/dist/commands.jspackages/commands/dist/install-skill/index.jspackages/commands/dist/inspect/index.jspackages/inspector-server/dist/index.jspackages/commands/dist/skills/hiver/SKILL.md
Network endpoints2
localhost:10000localhost:<PORT>/api/trace

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `packages/inspector-server/dist/routes/trace.js` reads caller-supplied filesystem paths.
  • `packages/inspector-server/dist/index.js` exposes the trace route with no authentication.
  • `packages/commands/dist/docker.js` can run a Docker installer only after TTY confirmation.
  • `packages/commands/dist/install-skill/install.js` can link bundled skills into agent directories when invoked.
Evidence against
  • `package.json` declares no preinstall, install, or postinstall hook.
  • `packages/commands/bin.js` only launches the packaged CLI after user invocation.
  • `packages/commands/dist/cli.js` dynamically imports only a fixed command registry.
  • Skill installation is explicit or interactive-confirmed and avoids clobbering absent `--force`.
  • Client bundle signal is Monaco/editor code, not a hidden executable payload.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 61 file(s), 2.98 MB of source, external domains: cdn.jsdelivr.net, docs.docker.com, fs.internal, get.docker.com, github.com, hive.sandbox, jedwatson.github.io, json-schema.org, radix-ui.com, react.dev, s3.us-west-002.backblazeb2.com, www.w3.org
Oversized source lightweight scan
packages/inspector-client/dist/assets/monacoThemes-CCv8c_2K.js5.10 MB file, sampled 256 KB
ChildProcessShellObfuscatedHighEntropyStringsMinifiedUrlStringscdn.jsdelivr.netgithub.com

Source & flagged code

2 flagged · loading source
packages/inspector-client/dist/assets/index-n2cI1hz8.jsView file
45* See the LICENSE file in the root directory of this source tree. L46: */function WorkerWrapper(options){let objURL;try{if(objURL=blob&&(self.URL||self.webkitURL).createObjectURL(blob),!objURL)throw"";const worker=new Worker(objURL,{name:null==options... L47: /*!
Low
Eval

Package source references a known benign dynamic code generation pattern.

packages/inspector-client/dist/assets/index-n2cI1hz8.jsView on unpkg · L45
packages/inspector-client/dist/assets/monacoThemes-CCv8c_2K.jsView file
path = packages/inspector-client/dist/assets/monacoThemes-CCv8c_2K.js kind = oversized_source_file sizeBytes = 5344467 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

packages/inspector-client/dist/assets/monacoThemes-CCv8c_2K.jsView on unpkg

Findings

1 High3 Medium7 Low
HighOversized Source Filepackages/inspector-client/dist/assets/monacoThemes-CCv8c_2K.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalpackages/inspector-client/dist/assets/index-n2cI1hz8.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License