AI Security Review
scanned 9h ago · by lpm-firewall-ai
The package is a native-binary npm launcher with a postinstall fallback downloader. This creates install-time remote binary retrieval risk, but inspected JS sources do not show a concrete malicious chain.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall, or user runs kv-code bin
Impact
Installs and executes package-owned native kv-code binary; no confirmed exfiltration or unauthorized control-surface mutation in inspected source
Mechanism
package-aligned native binary download/install and CLI spawn wrapper
Rationale
Static inspection confirms install-time network download and native binary execution, but they are package-aligned launcher behavior with no observed credential theft, exfiltration, persistence, destructive action, or unconsented AI-agent control-surface mutation. Because the unresolved risk is remote native payload installation at lifecycle time, warn rather than block.
Evidence
- package.json
- scripts/postinstall.js
- bin/kv-code.js
- README.md
- scripts/README.md
- vendor/<targetTriple>/bin/kv-code
- vendor/<targetTriple>/bin/kv-code.exe
- .tmp-install
Network endpoints (2)
- api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
- github.com/HyperXenonZephyr/Kv-code/releases
Decision evidence
public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json runs postinstall: node scripts/postinstall.js
- scripts/postinstall.js downloads latest GitHub release asset from api.github.com when no bundled/optional binary is found
- scripts/postinstall.js extracts the downloaded archive with tar and copies kv-code/codex binary into vendor path, then chmods it
- bin/kv-code.js spawns the resolved native binary with inherited stdio and full process.env
Evidence against
- Network endpoint is package-aligned: HyperXenonZephyr/Kv-code GitHub releases
- No credential harvesting, env/file exfiltration, persistence, destructive behavior, or AI-agent config writes found in JS/package sources
- Postinstall writes only under packageRoot vendor/.tmp-install paths and cleans temp directory
- CLI execution is user-invoked and only forwards args/env to the package's native binary
- OptionalDependencies point to same @hyperxenonzephyr/kv-code platform packages
Behavioral surface
- ChildProcess
- EnvironmentVars
- Filesystem
- Network
- Shell
- UrlStrings
Source & flagged code
2 flagged
- High: Install Time Lifecycle Scripts (package.json)
  scripts.postinstall = node scripts/postinstall.js
  Package defines install-time lifecycle scripts.
- Medium: Ambiguous Install Lifecycle Script (package.json)
  scripts.postinstall = node scripts/postinstall.js
  Install-time lifecycle script is not statically allowlisted and needs review.
Findings
1 High · 3 Medium · 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings