@hyperxenonzephyr/kv-code@0.1.2

KV Code is a local-first coding agent for terminal workflows.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

Install hook can fetch and stage a native executable from the package author's latest GitHub release. This is unresolved supply-chain risk, but source inspection did not show confirmed malware or AI-agent control hijacking.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install postinstall lifecycle
Impact
A compromised or malicious GitHub release could place an executable that later runs when the user invokes kv-code.
Mechanism
remote native binary download and package-local install
Attack narrative
On install, scripts/postinstall.js checks for an existing platform binary, queries the package repo's latest GitHub release, downloads a matching archive, extracts it with tar, and copies kv-code into the package vendor directory. The staged binary is then executed only when the kv-code CLI wrapper is run.
Rationale
The package has a real install-time remote binary staging path with unpinned latest-release trust, so it should not be marked clean. Source inspection did not find concrete exfiltration, persistence, destructive behavior, or unconsented mutation of foreign AI-agent control surfaces, so publish blocking is not justified.
Evidence
  • package.json
  • scripts/postinstall.js
  • bin/kv-code.js
  • README.md
  • vendor/<targetTriple>/bin/kv-code.tmp-install
Network endpoints (2)
  • api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
  • github.com/HyperXenonZephyr/Kv-code/releases

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js fetches https://api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest during install
  • postinstall downloads a release asset, extracts it with tar, copies a native binary into vendor, and chmods it executable
  • Downloaded asset is selected from latest GitHub release rather than a package-pinned integrity value
Evidence against
  • bin/kv-code.js only resolves and spawns a platform binary when the kv-code CLI is invoked
  • No source writes to .mcp.json, CLAUDE.md, Codex/Cursor settings, shell startup files, VCS hooks, or home agent surfaces
  • No credential harvesting, env exfiltration, destructive actions, persistence, eval/vm/Function, or import-time execution found
  • Network use is package-aligned binary installation from the declared GitHub repo
Behavioral surface
Source
ChildProcess, EnvironmentVars, Filesystem, Network, Shell
Supply chain
UrlStrings
Manifest
No manifest risk signals triggered.
scanned 2 file(s), 13.5 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged
package.json
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.


Findings

1 High, 3 Medium, 4 Low
  • High: Install Time Lifecycle Scripts (package.json)
  • Medium: Ambiguous Install Lifecycle Script (package.json)
  • Medium: Network
  • Medium: Environment Vars
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings