registry  /  @hiver.sh/cli  /  0.1.24

@hiver.sh/cli@0.1.24

Command-line tool for the [Hiver](https://hiver.sh) agent runtime.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a Hiver CLI and inspector that performs user-invoked Docker, gateway, sandbox, terminal, event, and file-inspection operations.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit `hiver` CLI subcommands or starting the inspector server.
Impact
Expected CLI/runtime behavior; no install-time execution, credential harvesting, stealth persistence, or unsolicited AI-agent control-surface mutation identified.
Mechanism
User-invoked gateway proxy, Docker orchestration, sandbox terminal/events/files UI, and local state persistence.
Rationale
Static source inspection shows risky primitives are package-aligned and user-invoked, with no lifecycle hook, import-time payload, exfiltration, destructive behavior, or unconsented agent control mutation. The hinted eventStore delta is local SQLite persistence for Hiver inspector events, not a malicious payload.
Evidence
package.jsonpackages/commands/bin.jspackages/commands/dist/cli.jspackages/commands/dist/commands.jspackages/commands/dist/config.jspackages/commands/dist/docker.jspackages/commands/dist/start/index.jspackages/commands/dist/shell/index.jspackages/commands/dist/events/index.jspackages/inspector-server/dist/index.jspackages/inspector-server/dist/lib/eventStore.jspackages/inspector-server/dist/lib/gatewayUrl.js~/.hiver/config.json~/.hiver/events.db~/.hiver/traces
Network endpoints5
localhost:10000get.docker.comdocs.docker.com/get-docker/hiver.sh/docsgithub.com/hiver-sh/hiver/issues

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Shell/network primitives exist but are only reached by explicit CLI commands such as `hiver up`, `start`, `shell`, `inspect`, or Docker install confirmation.
  • `packages/commands/dist/docker.js` can run `curl -fsSL https://get.docker.com | sh`, but only after an interactive prompt when Docker is missing.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks; only `prepack` build script is present.
  • `packages/commands/bin.js` only spawns Node on `packages/commands/dist/cli.js` or dev `tsx` when `DEV` is set.
  • `packages/commands/dist/cli.js` imports only entries from the fixed command registry in `packages/commands/dist/commands.js`.
  • `packages/commands/dist/config.js` writes user CLI config under `~/.hiver/config.json` only for explicit commands like `connect`/`up`.
  • `packages/inspector-server/dist/lib/eventStore.js` stores sandbox events in local SQLite `~/.hiver/events.db` and prunes by TTL; no exfiltration logic found.
  • Inspector routes proxy user-selected Hiver gateway/sandbox operations and local DevTools UI, matching package purpose.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 55 file(s), 1.39 MB of source, external domains: docs.docker.com, get.docker.com, reactjs.org, www.w3.org
Oversized source lightweight scan
packages/inspector-client/dist/assets/index-CJy4hkma.js6.51 MB file, sampled 256 KB
NetworkHighEntropyStringsMinifiedUrlStringsreactjs.orgwww.w3.org

Source & flagged code

2 flagged · loading source
packages/inspector-client/dist/assets/index-CJy4hkma.jsView file
path = packages/inspector-client/dist/assets/index-CJy4hkma.js kind = oversized_source_file sizeBytes = 6829037 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

packages/inspector-client/dist/assets/index-CJy4hkma.jsView on unpkg
packages/inspector-server/dist/lib/eventStore.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @hiver.sh/cli@0.1.22 matchedIdentity = npm:QGhpdmVyLnNoL2NsaQ:0.1.22 similarity = 0.902 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

packages/inspector-server/dist/lib/eventStore.jsView on unpkg

Findings

2 High3 Medium5 Low
HighOversized Source Filepackages/inspector-client/dist/assets/index-CJy4hkma.js
HighPrevious Version Dangerous Deltapackages/inspector-server/dist/lib/eventStore.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License