AI Security Review
scanned 5h ago · by lpm-firewall-aiInstall-time script can fetch and install an unpinned native executable from the package's GitHub latest release. This creates unresolved supply-chain risk, but source inspection did not show concrete malicious behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install or package postinstall lifecycle
Impact
Installs and later executes a package-aligned native coding-agent binary; risk depends on remote release asset contents.
Mechanism
first-party native binary downloader and CLI launcher
Rationale
The package has real install-time remote native binary installation, so it should not be marked clean. The behavior is package-aligned and lacks source evidence of exfiltration, destructive actions, stealth persistence, or foreign AI-agent control-surface mutation, so a publish block is not justified.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.mdvendor/<targetTriple>/bin/kv-code.tmp-install
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs node scripts/postinstall.js at install time
- scripts/postinstall.js queries https://api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
- scripts/postinstall.js downloads a release asset, extracts it with tar, and copies kv-code into vendor/<triple>/bin
- bin/kv-code.js later spawns the resolved native binary with inherited stdio and process env
Evidence against
- Network use is package-aligned: GitHub repo matches package homepage/repository and README install instructions
- No source evidence of credential harvesting, filesystem scanning outside install paths, or exfiltration
- postinstall only writes inside packageRoot vendor/.tmp-install and cleans the temp directory
- bin/kv-code.js is a launcher for platform optional dependency or local vendor binary, not import-time execution
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings