registry  /  @hiver.sh/cli  /  0.1.28

@hiver.sh/cli@0.1.28

Command-line tool for the [Hiver](https://hiver.sh) agent runtime.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is an explicit-user CLI for Docker-managed Hiver sandboxes and a local inspector.

Static reason
No blocking static signals were detected.
Trigger
User runs a `hiver` command such as `up`, `run`, `bundle`, or `inspect`.
Impact
Can create/manage user-requested Docker resources and inspect configured Hiver sandboxes; no unconsented install-time mutation or exfiltration was found.
Mechanism
User-invoked Docker orchestration and configured-gateway sandbox control.
Rationale
Direct inspection shows no install-time execution or concrete malicious chain. The sensitive operations are documented, command-gated sandbox/Docker functionality, with the optional Docker installer requiring explicit interactive consent.
Evidence
package.jsonpackages/commands/bin.jspackages/commands/dist/cli.jspackages/commands/dist/config.jspackages/commands/dist/docker.jspackages/commands/dist/inspect/index.jspackages/inspector-server/dist/index.jscontainer-config/compose.yamlpackages/commands/dist/commands.js

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `packages/commands/dist/docker.js` can invoke a Docker installer only after an interactive yes/no confirmation.
  • Explicit CLI commands manage Docker sandboxes, local config, and inspector sessions by design.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • `packages/commands/bin.js` only starts `dist/cli.js` after explicit `hiver` invocation.
  • `packages/commands/dist/cli.js` dynamically imports only entries selected from the fixed `COMMANDS` registry.
  • `packages/commands/dist/config.js` writes only `~/.hiver/config.json`; no foreign AI-agent config paths were found.
  • Inspector network use targets the configured Hiver gateway and localhost; no credential harvesting or exfiltration path was found.
  • No malicious eval, unbounded module loading, stealth persistence, or destructive host-file behavior was found in inspected shipped code.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 59 file(s), 2.97 MB of source, external domains: cdn.jsdelivr.net, docs.docker.com, fs.internal, get.docker.com, github.com, hive.sandbox, jedwatson.github.io, json-schema.org, radix-ui.com, react.dev, www.w3.org
Oversized source lightweight scan
packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.js5.10 MB file, sampled 256 KB
ChildProcessShellObfuscatedHighEntropyStringsMinifiedUrlStringscdn.jsdelivr.netgithub.com

Source & flagged code

2 flagged · loading source
packages/inspector-client/dist/assets/index-Dq8uE01s.jsView file
45* See the LICENSE file in the root directory of this source tree. L46: */function WorkerWrapper(options){let objURL;try{if(objURL=blob&&(self.URL||self.webkitURL).createObjectURL(blob),!objURL)throw"";const worker=new Worker(objURL,{name:null==options... L47: /*!
Low
Eval

Package source references a known benign dynamic code generation pattern.

packages/inspector-client/dist/assets/index-Dq8uE01s.jsView on unpkg · L45
packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.jsView file
path = packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.js kind = oversized_source_file sizeBytes = 5344467 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.jsView on unpkg

Findings

1 High3 Medium7 Low
HighOversized Source Filepackages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalpackages/inspector-client/dist/assets/index-Dq8uE01s.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License