registry  /  @hyperxenonzephyr/kv-code  /  0.3.4

@hyperxenonzephyr/kv-code@0.3.4

KV Code is a local-first coding agent for terminal workflows.

AI Security Review

scanned 9h ago · by lpm-firewall-ai

The package has an install-time native binary downloader without visible integrity verification. This is a package-aligned CLI bootstrap pattern, but the release asset becomes executable when the user runs kv-code.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user later runs kv-code
Impact
Unverified remote release asset can determine CLI runtime behavior, but no source-level malicious behavior is confirmed
Mechanism
GitHub release binary download and CLI spawn wrapper
Rationale
Static inspection shows an install-time remote native-binary fetch with no visible hash verification, which is real supply-chain risk but remains package-aligned and lacks exfiltration, destructive actions, persistence, or foreign AI-agent control mutation. Marking suspicious/warn is appropriate rather than blocking as malicious.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.md.tmp-installvendor/<target-triple>/bin/kv-code
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.js
  • scripts/postinstall.js queries GitHub releases/latest and downloads a native archive when no binary exists
  • scripts/postinstall.js extracts the archive with tar and copies kv-code into vendor/<target>/bin
  • bin/kv-code.js later spawns the resolved native binary with inherited stdio and environment
Evidence against
  • Network use is package-aligned to HyperXenonZephyr/Kv-code releases, not an unrelated endpoint
  • No credential, env, npmrc, ssh, or filesystem harvesting found
  • No exfiltration or destructive behavior found
  • No AI-agent control-surface writes or persistence outside the package directory found
  • Downloaded binary is not executed during postinstall; execution requires running the kv-code CLI
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 13.5 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings