registry  /  @hyperxenonzephyr/kv-code  /  0.3.7

@hyperxenonzephyr/kv-code@0.3.7

KV Code is a local-first coding agent for terminal workflows.

AI Security Review

scanned 39m ago · by lpm-firewall-ai

Install-time code downloads a native CLI archive from the package's GitHub latest release and stages a binary under the package vendor directory. This is package-aligned but leaves a remote, unpinned binary supply-chain risk rather than confirmed malware.

Static reason
One or more suspicious static signals were detected.
Trigger
npm postinstall or later kv-code CLI invocation
Impact
Potential execution of unverified release binary if upstream asset is malicious or swapped; no source-confirmed exfiltration or persistence.
Mechanism
postinstall remote native binary download and launcher spawn
Rationale
Static source inspection found a real install-time remote binary download without integrity verification, but it is first-party/package-aligned and no exfiltration, destructive action, stealth persistence, or foreign AI-agent control mutation is present. Treat as a warning-level supply-chain risk rather than confirmed malicious behavior.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.mdscripts/README.mdvendor/<targetTriple>/bin/kv-code.tmp-install
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json runs postinstall: node scripts/postinstall.js
  • scripts/postinstall.js fetches latest GitHub release over HTTPS and downloads an archive
  • scripts/postinstall.js extracts archive with tar and copies kv-code binary into vendor path
  • Downloaded binary is not pinned to package version and no checksum/signature verification is present
  • bin/kv-code.js later spawns the resolved native binary with inherited stdio/env
Evidence against
  • Network activity is package-aligned to HyperXenonZephyr/Kv-code releases
  • No credential/env harvesting beyond forwarding process.env to the invoked CLI
  • No AI-agent config/control-surface writes found in package sources
  • No destructive filesystem behavior outside package install temp/vendor paths
  • No obfuscation, eval, or reviewer prompt injection found
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 13.5 KB of source, external domains: api.github.com, github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings