AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is an explicit-user CLI for Docker-managed Hiver sandboxes and a local inspector.
Static reason
No blocking static signals were detected.
Trigger
User runs a `hiver` command such as `up`, `run`, `bundle`, or `inspect`.
Impact
Can create/manage user-requested Docker resources and inspect configured Hiver sandboxes; no unconsented install-time mutation or exfiltration was found.
Mechanism
User-invoked Docker orchestration and configured-gateway sandbox control.
Rationale
Direct inspection shows no install-time execution or concrete malicious chain. The sensitive operations are documented, command-gated sandbox/Docker functionality, with the optional Docker installer requiring explicit interactive consent.
Evidence
package.jsonpackages/commands/bin.jspackages/commands/dist/cli.jspackages/commands/dist/config.jspackages/commands/dist/docker.jspackages/commands/dist/inspect/index.jspackages/inspector-server/dist/index.jscontainer-config/compose.yamlpackages/commands/dist/commands.js
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
- `packages/commands/dist/docker.js` can invoke a Docker installer only after an interactive yes/no confirmation.
- Explicit CLI commands manage Docker sandboxes, local config, and inspector sessions by design.
Evidence against
- `package.json` has no preinstall, install, or postinstall lifecycle hook.
- `packages/commands/bin.js` only starts `dist/cli.js` after explicit `hiver` invocation.
- `packages/commands/dist/cli.js` dynamically imports only entries selected from the fixed `COMMANDS` registry.
- `packages/commands/dist/config.js` writes only `~/.hiver/config.json`; no foreign AI-agent config paths were found.
- Inspector network use targets the configured Hiver gateway and localhost; no credential harvesting or exfiltration path was found.
- No malicious eval, unbounded module loading, stealth persistence, or destructive host-file behavior was found in inspected shipped code.
Behavioral surface
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShellWebSocket
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Oversized source lightweight scan
packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.js5.10 MB file, sampled 256 KB
ChildProcessShellObfuscatedHighEntropyStringsMinifiedUrlStringscdn.jsdelivr.netgithub.com
Source & flagged code
2 flagged · loading sourcepackages/inspector-client/dist/assets/index-Dq8uE01s.jsView file
45* See the LICENSE file in the root directory of this source tree.
L46: */function WorkerWrapper(options){let objURL;try{if(objURL=blob&&(self.URL||self.webkitURL).createObjectURL(blob),!objURL)throw"";const worker=new Worker(objURL,{name:null==options...
L47: /*!
Low
Eval
Package source references a known benign dynamic code generation pattern.
packages/inspector-client/dist/assets/index-Dq8uE01s.jsView on unpkg · L45packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.jsView file
•path = packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.js
kind = oversized_source_file
sizeBytes = 5344467
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
packages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.jsView on unpkgFindings
1 High3 Medium7 Low
HighOversized Source Filepackages/inspector-client/dist/assets/monacoThemes-BdAP6HsJ.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalpackages/inspector-client/dist/assets/index-Dq8uE01s.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License