AI Security Review
scanned 9h ago · by lpm-firewall-aiInstall-time script can fetch and install a native executable from the package author's GitHub latest release without an integrity check. This is a package-aligned native binary installer but leaves unresolved remote payload risk.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs kv-code
Impact
Remote release asset becomes executable code under the installed package and is later run by the CLI.
Mechanism
install-time native binary download and CLI spawn wrapper
Rationale
This is not confirmed malicious because the behavior is package-aligned and no concrete exfiltration, persistence, destructive action, or foreign agent control-surface mutation was found. It should warn because install-time retrieval of an unverified latest native executable creates real unresolved remote payload risk.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.mdvendor/<targetTriple>/bin/kv-codevendor/<targetTriple>/bin/kv-code.exe.tmp-install
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases
Decision evidence
public snapshotAI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.js
- scripts/postinstall.js queries https://api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
- scripts/postinstall.js downloads a release asset, extracts it with tar, copies kv-code into vendor, and chmods it executable
- bin/kv-code.js spawns the installed native binary with inherited stdio and process environment
Evidence against
- Network endpoint is package-aligned GitHub repo, not an unrelated exfiltration host
- No credential harvesting, filesystem scraping, persistence, destructive behavior, or AI-agent config mutation found
- postinstall writes only under packageRoot vendor/.tmp-install and cleans temporary files
- CLI execution is user-invoked via bin/kv-code.js
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings