registry  /  @hyperxenonzephyr/kv-code  /  0.3.6

@hyperxenonzephyr/kv-code@0.3.6

KV Code is a local-first coding agent for terminal workflows.

AI Security Review

scanned 9h ago · by lpm-firewall-ai

Install-time code can download and stage a native binary from first-party GitHub releases. Runtime CLI then executes that binary, but inspected JS wrapper does not itself show exfiltration, persistence, destructive behavior, or foreign agent control-surface mutation.

Static reason
One or more suspicious static signals were detected.
Trigger
npm install runs postinstall; user running kv-code invokes the staged binary.
Impact
Unpinned release binary creates unresolved supply-chain risk, but no concrete malicious behavior is present in package source.
Mechanism
first-party remote native binary download and CLI spawn wrapper
Rationale
The package has real install-time remote binary staging and native execution risk, so a warning is justified. Source inspection found the behavior package-aligned and first-party, with no confirmed exfiltration, persistence, destructive action, or AI-agent control hijack, so it should not be blocked as malicious.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.md.tmp-installvendor/<targetTriple>/bin/kv-codevendor/<targetTriple>/bin/kv-code.exe
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines install-time postinstall: node scripts/postinstall.js.
  • scripts/postinstall.js fetches https://api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest and downloads a release asset.
  • scripts/postinstall.js extracts the downloaded archive with tar and copies a native binary into vendor/<target>/bin/kv-code.
  • bin/kv-code.js spawns the platform native binary with inherited stdio and inherited environment.
Evidence against
  • No credential harvesting, broad file collection, or exfiltration logic found in inspected JS sources.
  • Network use is limited to first-party GitHub release lookup/download for the advertised CLI binary.
  • No preinstall/install mutation of foreign AI-agent config or control surfaces found.
  • README describes a local-first terminal coding agent and documents kv-code CLI usage.
  • Postinstall exits successfully with instructions if binary installation fails rather than hiding errors.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 13.5 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings