AI Security Review
scanned 9h ago · by lpm-firewall-ai
The package is a thin npm launcher that installs a native kv-code binary from GitHub Releases during postinstall, then spawns that binary at CLI runtime. This creates remote binary supply-chain risk but no confirmed malicious behavior in the inspected JavaScript source.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user runs kv-code CLI
Impact
Unpinned latest GitHub release asset can determine the installed native executable; no source-level exfiltration or persistence confirmed.
Mechanism
postinstall remote native-binary downloader and runtime launcher
Rationale
This is not source-confirmed malware, but install-time download and installation of an unpinned native binary from the latest GitHub release is a real unresolved supply-chain risk. The observed behavior is package-aligned and lacks exfiltration, persistence, destructive actions, or broad/foreign AI-agent control-surface mutation, so warn rather than block.
Evidence
- package.json
- scripts/postinstall.js
- bin/kv-code.js
- README.md
- scripts/README.md
- vendor/<targetTriple>/bin/kv-code
- vendor/<targetTriple>/bin/kv-code.exe
- .tmp-install
Network endpoints (2)
- api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
- github.com/HyperXenonZephyr/Kv-code/releases
Decision evidence
public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.js
- scripts/postinstall.js fetches https://api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
- scripts/postinstall.js downloads a release asset, extracts it with tar, copies kv-code binary into vendor/
- bin/kv-code.js spawns the resolved native binary with inherited stdio and process env
Evidence against
- Network use is package-aligned to the declared GitHub repo, not a hidden endpoint
- No credential harvesting, env enumeration beyond npm manager detection, or exfiltration seen
- No foreign AI-agent config/control-surface writes seen
- Downloaded binary is not executed during postinstall; it is launched only by the kv-code CLI
- Filesystem writes are limited to packageRoot/.tmp-install and packageRoot/vendor target paths
Behavioral surface
- ChildProcess
- EnvironmentVars
- Filesystem
- Network
- Shell
- UrlStrings
Source & flagged code
2 flagged
package.json
- scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.json
- scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.json
Findings
1 High, 3 Medium, 4 Low
- High: Install Time Lifecycle Scripts (package.json)
- Medium: Ambiguous Install Lifecycle Script (package.json)
- Medium: Network
- Medium: Environment Vars
- Low: Non Install Lifecycle Scripts
- Low: Scripts Present
- Low: Filesystem
- Low: Url Strings