AI Security Review
scanned 3h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a user-invoked coding-agent CLI with explicit shell, file, and HTTP capabilities; its install hook only prints text.
Static reason
No blocking static signals were detected.
Trigger
User runs `kitty`, `kitty init`, or an agent workflow after installation.
Impact
Can modify the selected project and make configured provider or tool HTTP requests during explicit runtime use; no covert install-time action or fixed exfiltration endpoint was found.
Mechanism
Explicit local agent runtime with project-scoped configuration and user/model-directed tools.
Rationale
Source inspection found a benign install hook and documented, user-triggered agent capabilities. Shell, file, and network primitives are aligned with the package's stated interactive coding-agent function, with no concrete covert execution, credential theft, persistence, or exfiltration chain.
Evidence
package.jsonscripts/postinstall.cjsdist/cli.jsREADME.md.kitty/.env.kitty/.env.example.kitty/.kittyignore
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- `scripts/postinstall.cjs` only prints installation guidance.
- `package.json` postinstall invokes only that message script.
- `dist/cli.js` registers file, shell, and HTTP tools for its user-invoked agent runtime.
- `dist/cli.js` limits `kitty init` writes to project-local `.kitty` files.
- `dist/cli.js` loads API settings from project `.kitty/.env`; no fixed exfiltration host found.
- `README.md` documents the same interactive CLI, agent, and local project workflow.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShellWebSocket
HighEntropyStringsUrlStrings
Oversized source lightweight scan
dist/cli.js10.3 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsCryptoShellWebSocketDynamicRequireHighEntropyStringsUrlStringsapi.telegram.orgwww.apache.org
Source & flagged code
4 flagged · loading sourcepackage.jsonView file
•scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts
Package defines install-time lifecycle scripts.
package.jsonView on unpkgdist/chunk-X4URZ2YI.mjsView file
119const command = typeof payload?.command === "string" ? payload.command : "command";
L120: const exitCode = typeof payload?.exitCode === "number" ? payload.exitCode : "unknown";
L121: return `bash ${truncate(oneLine2(command), 120)} (exit ${exitCode})`;
...
L158: try {
L159: const parsed = JSON.parse(raw);
L160: return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
...
L407: transport: "standard",
L408: defaultBaseUrl: "https://api.deepseek.com",
L409: requestTimeoutMs: DEFAULT_REQUEST_TIMEOUT_MS,
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/chunk-X4URZ2YI.mjsView on unpkg · L119dist/cli.jsView file
•path = dist/cli.js
kind = oversized_source_file
sizeBytes = 10810853
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/cli.jsView on unpkg•path = dist/cli.js
kind = oversized_cli_entrypoint
sizeBytes = 10810853
magicHex = [redacted]
Medium
Oversized Cli Entrypoint
Package contains an oversized executable-looking CLI entrypoint.
dist/cli.jsView on unpkgFindings
2 High5 Medium6 Low
HighInstall Time Lifecycle Scriptspackage.json
HighOversized Source Filedist/cli.js
MediumDynamic Require
MediumNetwork
MediumEnvironment Vars
MediumOversized Cli Entrypointdist/cli.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-X4URZ2YI.mjs
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings