registry  /  @hiver.sh/cli  /  0.1.25

@hiver.sh/cli@0.1.25

Command-line tool for the [Hiver](https://hiver.sh) agent runtime.

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a Hiver agent-runtime CLI that starts local Docker-based sandboxes and a localhost inspector when invoked by the user.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit user CLI commands such as `hiver up`, `hiver start`, `hiver inspect`, or `hiver connect`.
Impact
Can manage Docker containers, proxy sandbox I/O, and write Hiver CLI state/traces when requested; no install-time or hidden exfiltration behavior was found.
Mechanism
User-invoked local orchestration and inspector proxy
Rationale
Dangerous primitives are tied to explicit Hiver CLI functionality and localhost/user-configured gateway operation, with no lifecycle hooks or automatic import-time attack chain. The recorder and inspector can read sandbox files and terminal streams, but only under `hiver inspect --record` or the local inspector workflow and without evidence of covert exfiltration.
Evidence
package.jsonpackages/commands/bin.jspackages/commands/dist/cli.jspackages/commands/dist/commands.jspackages/commands/dist/config.jspackages/commands/dist/inspect/index.jspackages/commands/dist/inspect/recorder.jspackages/commands/dist/docker.jspackages/inspector-server/dist/index.jspackages/inspector-server/dist/routes/files.jspackages/inspector-server/dist/routes/terminal.js~/.hiver/config.json~/.hiver/traces/recording-<timestamp>.jsonl~/.hiver/events.db
Network endpoints5
localhost:10000localhost:<port>docs.docker.com/get-docker/get.docker.comfonts.googleapis.com/css2?family=Google+Sans:wght@400;500;700&family=Google+Sans+Code&display=swap

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • User-invoked commands spawn docker, node, open/xdg-open, and optional Docker installer in packages/commands/dist/docker.js.
  • Explicit `hiver inspect --record` records sandbox directories/files to ~/.hiver/traces via packages/commands/dist/inspect/recorder.js.
  • Inspector server exposes local routes that proxy sandbox terminal, files, config, events, and browser CDP in packages/inspector-server/dist/routes/*.js.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; only bin `hiver` points to packages/commands/bin.js.
  • packages/commands/bin.js only dispatches to built CLI under node, with DEV-only tsx fallback.
  • Network use is package-aligned: local gateway/devtools URLs, user-supplied gateway URL, Docker docs/install URL, and bundled Google Fonts.
  • Persistent writes are expected CLI state under ~/.hiver and only occur from explicit commands such as connect/up/inspect --record.
  • Dynamic import in packages/commands/dist/cli.js is constrained to entries from a static command registry.
  • No credential harvesting, stealth persistence, foreign AI-agent config mutation, or install-time execution found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 58 file(s), 2.93 MB of source, external domains: cdn.jsdelivr.net, docs.docker.com, fs.internal, get.docker.com, github.com, hive.sandbox, jedwatson.github.io, json-schema.org, radix-ui.com, react.dev, www.w3.org
Oversized source lightweight scan
packages/inspector-client/dist/assets/monacoThemes-Bv3OLDiv.js5.10 MB file, sampled 256 KB
ChildProcessShellObfuscatedHighEntropyStringsMinifiedUrlStringscdn.jsdelivr.netgithub.com

Source & flagged code

3 flagged · loading source
packages/inspector-client/dist/assets/index-C7jf9Qob.jsView file
45* See the LICENSE file in the root directory of this source tree. L46: */function WorkerWrapper(options){let objURL;try{if(objURL=blob&&(self.URL||self.webkitURL).createObjectURL(blob),!objURL)throw"";const worker=new Worker(objURL,{name:null==options... L47: /*!
Low
Eval

Package source references a known benign dynamic code generation pattern.

packages/inspector-client/dist/assets/index-C7jf9Qob.jsView on unpkg · L45
packages/inspector-client/dist/assets/monacoThemes-Bv3OLDiv.jsView file
path = packages/inspector-client/dist/assets/monacoThemes-Bv3OLDiv.js kind = oversized_source_file sizeBytes = 5344897 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

packages/inspector-client/dist/assets/monacoThemes-Bv3OLDiv.jsView on unpkg
packages/commands/dist/inspect/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @hiver.sh/cli@0.1.24 matchedIdentity = npm:QGhpdmVyLnNoL2NsaQ:0.1.24 similarity = 0.818 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

packages/commands/dist/inspect/index.jsView on unpkg

Findings

2 High3 Medium7 Low
HighOversized Source Filepackages/inspector-client/dist/assets/monacoThemes-Bv3OLDiv.js
HighPrevious Version Dangerous Deltapackages/commands/dist/inspect/index.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalpackages/inspector-client/dist/assets/index-C7jf9Qob.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License