AI Security Review
scanned 9h ago · by lpm-firewall-aiInstall-time script fetches and installs a native executable from the package GitHub latest release. This is a remote binary supply-chain risk, but source inspection did not show exfiltration, persistence, destructive behavior, or AI-agent control hijack.
Static reason
One or more suspicious static signals were detected.
Trigger
npm install invokes postinstall; user running kv-code invokes the binary
Impact
Downloaded native code may run later as kv-code, but no confirmed malicious JS behavior is present
Mechanism
postinstall remote native binary downloader and CLI binary launcher
Rationale
The package has a real install-time remote executable download and later binary execution path, so it should not be marked clean. However, inspection found no concrete malicious behavior in the shipped JS source, making warn/suspicious more appropriate than publish blocking.
Evidence
package.jsonscripts/postinstall.jsbin/kv-code.jsREADME.mdscripts/README.mdvendor/<targetTriple>/bin/kv-code.tmp-install
Network endpoints2
api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latestgithub.com/HyperXenonZephyr/Kv-code/releases
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- package.json defines postinstall: node scripts/postinstall.js
- scripts/postinstall.js queries https://api.github.com/repos/HyperXenonZephyr/Kv-code/releases/latest
- postinstall downloads a release asset, extracts it with tar, copies kv-code executable into vendor path, chmods it
- bin/kv-code.js later spawns the installed native binary with inherited stdio and environment
Evidence against
- No credential harvesting, env secret filtering, or filesystem enumeration found in package JS
- No writes to AGENTS.md, Codex/Claude/Gemini config, shell profiles, or other AI-agent control surfaces found
- Network activity is limited to the package's GitHub release source for native binary install
- CLI wrapper only resolves package/platform vendor binary and forwards user arguments
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
UrlStrings
Source & flagged code
2 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkg•scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script
Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgFindings
1 High3 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowUrl Strings