registry  /  @hyperxenonzephyr/kv-code  /  0.3.1

@hyperxenonzephyr/kv-code@0.3.1

KV Code is a local-first coding agent for terminal workflows.

AI Security Review

scanned 9h ago · by lpm-firewall-ai

No confirmed malicious attack surface in the JavaScript package wrapper. The install hook bootstraps a package-owned native binary from the package's GitHub releases if optional platform packages are missing.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs kv-code CLI
Impact
Installs/executes package-owned native CLI; risk is normal native-tool supply chain risk, not confirmed malware in inspected source.
Mechanism
package-aligned native binary bootstrap and CLI spawn wrapper
Rationale
Static inspection shows a native CLI launcher with a postinstall fallback that downloads the package's own release artifact and writes it under the package directory. Although install-time network download and native execution are risky primitives, they are disclosed/package-aligned and no exfiltration, persistence, destructive behavior, or unconsented foreign AI-agent control-surface mutation was found.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.mdscripts/README.mdvendor/<target>/bin/kv-codevendor/<target>/bin/kv-code.exe.tmp-install
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • postinstall downloads GitHub release asset and extracts it with tar when no binary/optional dependency exists
  • postinstall writes package-local vendor/<target>/bin/kv-code and temporary .tmp-install files
  • CLI bin spawns a native binary from package optional dependency or package-local vendor path
Evidence against
  • package.json has only postinstall and prepublishOnly; no preinstall hook
  • postinstall endpoint is package-aligned: api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest and release asset URLs
  • No credential harvesting, env exfiltration, destructive project writes, persistence, or AI-agent config mutation found in inspected JS
  • CLI execution is user-invoked via bin/kv-code.js and passes through args/env to the local native executable
  • Files present are limited to package.json, bin/kv-code.js, scripts/postinstall.js, README.md, scripts/README.md, LICENSE
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 13.5 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings