AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked Hiver CLI/inspector that starts Docker/gateway workflows and serves a local devtools UI; risky primitives are aligned with that function.
Static reason
No blocking static signals were detected.
Trigger
User runs hiver subcommands such as up, start, run, bundle, inspect, or connect
Impact
Can create project Dockerfile/.hiver.json, write ~/.hiver state/traces, start Docker containers, and proxy sandbox file/terminal data when explicitly invoked
Mechanism
CLI orchestration of Docker, Hiver gateway API calls, and local inspector server
Rationale
Static inspection found no install-time execution or unconsented mutation/exfiltration chain. The concerning filesystem, child_process, network, Docker, and local inspector behavior is activated by explicit CLI commands and matches the package's documented sandbox runtime purpose.
Evidence
package.jsonpackages/commands/bin.jspackages/commands/dist/cli.jspackages/commands/dist/commands.jspackages/commands/dist/docker.jspackages/commands/dist/run/index.jspackages/commands/dist/inspect/index.jspackages/inspector-server/dist/routes/trace.jspackages/inspector-server/dist/index.js.hiver.jsonDockerfile~/.hiver/config.json~/.hiver/traces/recording-<timestamp>.jsonl
Network endpoints7
hiver.sh/docsgithub.com/hiver-sh/hiver.gitdocs.docker.com/get-docker/get.docker.comlocalhost:10000gateway:10000localhost:5173
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- packages/inspector-server/dist/routes/trace.js reads a user-supplied JSON path when localhost inspector is running
- packages/commands/dist/docker.js can run Docker installers including curl|sh, but only after interactive confirmation
- packages/commands/dist/run/index.js writes Dockerfile and .hiver.json in the target project after user command/confirmation
Evidence against
- package.json has no preinstall/install/postinstall hooks
- packages/commands/bin.js only spawns node on packages/commands/dist/cli.js for the user-invoked bin
- packages/commands/dist/commands.js dynamic import is constrained to a static command registry
- network/Docker actions are explicit CLI operations for the Hiver gateway/sandbox workflow
- no credential harvesting, stealth persistence, destructive install-time behavior, or exfiltration found
- client eval finding is bundled React/Zod/Monaco code generation, not remote payload execution
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Oversized source lightweight scan
packages/inspector-client/dist/assets/monacoThemes-DlpR12OM.js5.10 MB file, sampled 256 KB
ChildProcessShellObfuscatedHighEntropyStringsMinifiedUrlStringscdn.jsdelivr.netgithub.com
Source & flagged code
2 flagged · loading sourcepackages/inspector-client/dist/assets/index-IVzKuEzE.jsView file
45* See the LICENSE file in the root directory of this source tree.
L46: */function WorkerWrapper(options){let objURL;try{if(objURL=blob&&(self.URL||self.webkitURL).createObjectURL(blob),!objURL)throw"";const worker=new Worker(objURL,{name:null==options...
L47: /*!
Low
Eval
Package source references a known benign dynamic code generation pattern.
packages/inspector-client/dist/assets/index-IVzKuEzE.jsView on unpkg · L45packages/inspector-client/dist/assets/monacoThemes-DlpR12OM.jsView file
•path = packages/inspector-client/dist/assets/monacoThemes-DlpR12OM.js
kind = oversized_source_file
sizeBytes = 5344467
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
packages/inspector-client/dist/assets/monacoThemes-DlpR12OM.jsView on unpkgFindings
1 High3 Medium7 Low
HighOversized Source Filepackages/inspector-client/dist/assets/monacoThemes-DlpR12OM.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalpackages/inspector-client/dist/assets/index-IVzKuEzE.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License