registry  /  @jun133/kitty  /  0.0.21

@jun133/kitty@0.0.21

Agent

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked coding-agent CLI with explicit shell, file, and HTTP capabilities; its install hook only prints text.

Static reason
No blocking static signals were detected.
Trigger
User runs `kitty`, `kitty init`, or an agent workflow after installation.
Impact
Can modify the selected project and make configured provider or tool HTTP requests during explicit runtime use; no covert install-time action or fixed exfiltration endpoint was found.
Mechanism
Explicit local agent runtime with project-scoped configuration and user/model-directed tools.
Rationale
Source inspection found a benign install hook and documented, user-triggered agent capabilities. Shell, file, and network primitives are aligned with the package's stated interactive coding-agent function, with no concrete covert execution, credential theft, persistence, or exfiltration chain.
Evidence
package.jsonscripts/postinstall.cjsdist/cli.jsREADME.md.kitty/.env.kitty/.env.example.kitty/.kittyignore

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `scripts/postinstall.cjs` only prints installation guidance.
    • `package.json` postinstall invokes only that message script.
    • `dist/cli.js` registers file, shell, and HTTP tools for its user-invoked agent runtime.
    • `dist/cli.js` limits `kitty init` writes to project-local `.kitty` files.
    • `dist/cli.js` loads API settings from project `.kitty/.env`; no fixed exfiltration host found.
    • `README.md` documents the same interactive CLI, agent, and local project workflow.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 12 file(s), 879 KB of source, external domains: api.deepseek.com, api.openai.com, api.telegram.org, code.ylsagi.com, w.ciykj.cn, www.apache.org
    Oversized source lightweight scan
    dist/cli.js10.3 MB file, sampled 256 KB
    FilesystemNetworkChildProcessEnvironmentVarsCryptoShellWebSocketDynamicRequireHighEntropyStringsUrlStringsapi.telegram.orgwww.apache.org

    Source & flagged code

    4 flagged · loading source
    package.jsonView file
    scripts.postinstall = node scripts/postinstall.cjs
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    package.jsonView on unpkg
    dist/chunk-X4URZ2YI.mjsView file
    119const command = typeof payload?.command === "string" ? payload.command : "command"; L120: const exitCode = typeof payload?.exitCode === "number" ? payload.exitCode : "unknown"; L121: return `bash ${truncate(oneLine2(command), 120)} (exit ${exitCode})`; ... L158: try { L159: const parsed = JSON.parse(raw); L160: return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null; ... L407: transport: "standard", L408: defaultBaseUrl: "https://api.deepseek.com", L409: requestTimeoutMs: DEFAULT_REQUEST_TIMEOUT_MS,
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/chunk-X4URZ2YI.mjsView on unpkg · L119
    dist/cli.jsView file
    path = dist/cli.js kind = oversized_source_file sizeBytes = 10810853 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    dist/cli.jsView on unpkg
    path = dist/cli.js kind = oversized_cli_entrypoint sizeBytes = 10810853 magicHex = [redacted]
    Medium
    Oversized Cli Entrypoint

    Package contains an oversized executable-looking CLI entrypoint.

    dist/cli.jsView on unpkg

    Findings

    2 High5 Medium6 Low
    HighInstall Time Lifecycle Scriptspackage.json
    HighOversized Source Filedist/cli.js
    MediumDynamic Require
    MediumNetwork
    MediumEnvironment Vars
    MediumOversized Cli Entrypointdist/cli.js
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowWeak Cryptodist/chunk-X4URZ2YI.mjs
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings