registry  /  @hiver.sh/client  /  0.1.24

@hiver.sh/client@0.1.24

TypeScript client for the Hiver runtime.

AI Security Review

scanned 20h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Risky primitives are part of a Hiver sandbox client and explicit examples, not automatic install or import behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User imports the client and calls API methods, or manually runs examples
Impact
User-requested remote sandbox execution/file operations through configured Hiver gateway; no unconsented host mutation found
Mechanism
sandbox gateway client API and example MCP/shell utilities
Rationale
Static inspection shows a sandbox client with network and execution capabilities exposed as explicit APIs/examples, with no lifecycle hooks or automatic mutation/exfiltration path. The scanner findings align with package purpose and example code rather than a concrete malicious chain.
Evidence
package.jsonsrc/controller.tssrc/sandbox.tssrc/utils.tsdist/index.jsexamples/mcp-server/index.tsexamples/mcp-server/image/server.tsexamples/utils/build.tsexamples/custom-image/image/app.js/workspace/hello.txt/workspace/secret/keys.txt/workspace/inputs/data.txt
Network endpoints10
localhost:10000registry.npmjs.orgpypi.orgfiles.pythonhosted.orggatewaygateway.hiverexample.com/www.google.com/search?q=Carmel,+Californiagithub.com/blastengithub.com/hiver-sh/hiver

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • examples/mcp-server/image/server.ts exposes MCP tools for bash/read/write/edit when that example server is explicitly run
  • examples/mcp-server/index.ts spawns npx @modelcontextprotocol/inspector as an example command
  • src/sandbox.ts provides user-invoked sandbox exec/writeFile/deleteFile API calls
Evidence against
  • package.json has no preinstall/install/postinstall hooks
  • src/controller.ts only contacts a configured Hiver gateway, defaulting to http://localhost:10000
  • dist/index.js appears to be bundled src client code, not hidden install-time code
  • process.env use is limited to HIVER_GATEWAY_URL and example-required API keys
  • examples/utils/build.ts runs hiver bundle only in example workflows
  • No credential harvesting, persistence, project config mutation, or exfiltration found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 42 file(s), 210 KB of source, external domains: 127.0.0.1, console.cloud.google.com, example.com, example.org, finnhub.io, github.com, news.ycombinator.com, www.google.com, www.googleapis.com

Source & flagged code

6 flagged · loading source
dist/index.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @hiver.sh/client@0.1.23 matchedIdentity = npm:QGhpdmVyLnNoL2NsaWVudA:0.1.23 similarity = 0.810 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/index.jsView on unpkg
485*/ L486: async exec(command, opts) { L487: const body = { command };
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L485
examples/mcp-server/image/server.tsView file
214inputSchema: { L215: cmd: z.string().describe("Shell command to execute via /bin/sh -c"), L216: cwd: z
High
Shell

Package source references shell execution.

examples/mcp-server/image/server.tsView on unpkg · L214
1import { createServer } from "node:http"; L2: import { execFile } from "node:child_process"; L3: import { promisify } from "node:util"; ... L11: L12: const PORT = Number(process.env.PORT ?? 3000); L13: const DEFAULT_READ_LIMIT = 2000;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

examples/mcp-server/image/server.tsView on unpkg · L1
examples/mcp-server/index.tsView file
3// L4: // Run with: npx tsx examples/mcp-server L5: import { spawn } from "node:child_process"; L6: import { dirname, join } from "node:path";
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

examples/mcp-server/index.tsView on unpkg · L3
examples/local-filesystem-mount/skills/echo/echo.shView file
path = examples/local-filesystem-mount/skills/echo/echo.sh kind = build_helper sizeBytes = 81 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

examples/local-filesystem-mount/skills/echo/echo.shView on unpkg

Findings

1 Critical4 High4 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/index.js
HighChild Processdist/index.js
HighShellexamples/mcp-server/image/server.ts
HighSame File Env Network Executionexamples/mcp-server/image/server.ts
HighRuntime Package Installexamples/mcp-server/index.ts
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperexamples/local-filesystem-mount/skills/echo/echo.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License