registry  /  @keystrokehq/platform  /  0.1.24

@keystrokehq/platform@0.1.24

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky primitives are part of a platform server/runtime and bundled command utilities, activated by explicit runtime use rather than install or import.

Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs the platform server or invokes bundled runtime commands.
Impact
No evidence of credential harvesting, unsolicited exfiltration, persistence, destructive behavior, or AI-agent control-surface mutation.
Mechanism
Package-aligned server, storage, scheduler, proxy, and sandbox utilities.
Rationale
Static source inspection found suspicious primitives, but they are aligned with the package's platform server and user-invoked runtime features, with no lifecycle or import-time execution path. No concrete malicious behavior or unconsented persistence/exfiltration was established.
Evidence
package.jsondist/run.mjsdist/config.mjsdist/start-Bkcu3Xyf.mjsdist/dist-DEUmH1sy.mjsdist/js-exec-N5KEZBH7-yV-xrF3D.mjs
Network endpoints2
ai-gateway.vercel.shapi.exa.ai

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks and exports only dist entrypoints.
    • dist/run.mjs only starts the platform server via definePlatformConfig/startPlatformServer.
    • dist/config.mjs imports default plugins but performs no install/import-time network or shell action.
    • dist/start-Bkcu3Xyf.mjs network use is server/runtime-aligned: AI Gateway, Exa proxy, Slack webhook, S3, and configured platform URLs.
    • dist/dist-DEUmH1sy.mjs child_process spawnSync only extracts a route manifest from a provided artifact tarball using tar in a temp directory.
    • dist/js-exec-N5KEZBH7-yV-xrF3D.mjs implements a user-invoked sandbox command, not package install/import execution.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
    Supply chain
    HighEntropyStringsObfuscatedTelemetryUrlStrings
    Manifest
    NoLicense
    scanned 212 file(s), 7.40 MB of source, external domains: 127.0.0.1, ai-gateway.vercel.sh, angular.io, api.exa.ai, api.keystroke.ai, chat-sdk.dev, cscott.net, datatracker.ietf.org, dom.spec.whatwg.org, example.com, github.com, json-schema.org, landley.net, raw.githubusercontent.com, trac.webkit.org, www.ibm.com, www.w3.org, www.whatwg.org

    Source & flagged code

    7 flagged · loading source
    dist/start-BXs2tRMp.cjsView file
    22429} L22430: exec(t) { L22431: let e = this.acquireMatcher(t), s = this._global ? this._lastIndex : 0;
    High
    Child Process

    Package source references child process execution.

    dist/start-BXs2tRMp.cjsView on unpkg · L22429
    dist/chunk-TN7HHBQW-D_SK6w5n.cjsView file
    17strategy: "throw", L18: reason: "eval() allows arbitrary code execution" L19: },
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/chunk-TN7HHBQW-D_SK6w5n.cjsView on unpkg · L17
    dist/wc-LF7NU4LA-C4FhC6BH.cjsView file
    1const require_start = require("./start-BXs2tRMp.cjs"); L2: require("./chunk-BZUGFHVS-7RRM7Jpb.cjs");
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/wc-LF7NU4LA-C4FhC6BH.cjsView on unpkg · L1
    dist/dist-DEUmH1sy.mjsView file
    7import { AsyncLocalStorage } from "node:async_hooks"; L8: import { deleteSecretValuesForRef, ensureOAuthApp, getOrganizationScopeId, saveOAuthConnection, selectSecretValue, upsertSecretValue } from "@keystrokehq/platform-database"; L9: import { createCipheriv, createDecipheriv, createHash, randomBytes, randomUUID } from "node:crypto"; L10: import * as z$1 from "zod/v4"; ... L17: import { join } from "node:path"; L18: import { spawnSync } from "node:child_process"; L19: import { tmpdir } from "node:os"; ... L593: * (timestamps embedded in the id). Use {@link cuid2} instead. L594: * See https://github.com/paralleldrive/cuid. L595: */ ... L4792: "previews", L4793: "private",
    High
    Cloud Metadata Access

    Source reaches cloud instance metadata or link-local credential endpoints.

    dist/dist-DEUmH1sy.mjsView on unpkg · L7
    7import { AsyncLocalStorage } from "node:async_hooks"; L8: import { deleteSecretValuesForRef, ensureOAuthApp, getOrganizationScopeId, saveOAuthConnection, selectSecretValue, upsertSecretValue } from "@keystrokehq/platform-database"; L9: import { createCipheriv, createDecipheriv, createHash, randomBytes, randomUUID } from "node:crypto"; L10: import * as z$1 from "zod/v4"; ... L17: import { join } from "node:path"; L18: import { spawnSync } from "node:child_process"; L19: import { tmpdir } from "node:os"; ... L593: * (timestamps embedded in the id). Use {@link cuid2} instead. L594: * See https://github.com/paralleldrive/cuid. L595: */ ... L4792: "previews", L4793: "private",
    Medium
    Install Persistence

    Source writes installer persistence such as shell profile or service configuration.

    dist/dist-DEUmH1sy.mjsView on unpkg · L7
    7import { AsyncLocalStorage } from "node:async_hooks"; L8: import { deleteSecretValuesForRef, ensureOAuthApp, getOrganizationScopeId, saveOAuthConnection, selectSecretValue, upsertSecretValue } from "@keystrokehq/platform-database"; L9: import { createCipheriv, createDecipheriv, createHash, randomBytes, randomUUID } from "node:crypto"; L10: import * as z$1 from "zod/v4"; ... L17: import { join } from "node:path"; L18: import { spawnSync } from "node:child_process"; L19: import { tmpdir } from "node:os"; ... L593: * (timestamps embedded in the id). Use {@link cuid2} instead. L594: * See https://github.com/paralleldrive/cuid. L595: */ ... L4792: "previews", L4793: "private",
    Low
    Weak Crypto

    Package source references weak cryptographic algorithms.

    dist/dist-DEUmH1sy.mjsView on unpkg · L7
    dist/js-exec-N5KEZBH7-yV-xrF3D.mjsView file
    40Cross-file remote execution chain: dist/js-exec-N5KEZBH7-yV-xrF3D.mjs spawns dist/chunk-TN7HHBQW-B8PYcKz5.mjs; helper contains network access plus dynamic code execution. L40: Available modules: L41: fs, path, child_process, process, console, L42: os, url, assert, util, events, buffer, stream, ... L55: child_process: L56: execSync(cmd) throws on non-zero exit, returns stdout L57: spawnSync(cmd, args) returns { stdout, stderr, status } ... L61: L62: os: platform(), arch(), homedir(), tmpdir(), type(), hostname(), L63: EOL, cpus(), endianness() L64: L65: url: URL, URLSearchParams, parse(), format() L66:
    High
    Cross File Remote Execution Context

    Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

    dist/js-exec-N5KEZBH7-yV-xrF3D.mjsView on unpkg · L40

    Findings

    4 High5 Medium9 Low
    HighChild Processdist/start-BXs2tRMp.cjs
    HighShell
    HighCloud Metadata Accessdist/dist-DEUmH1sy.mjs
    HighCross File Remote Execution Contextdist/js-exec-N5KEZBH7-yV-xrF3D.mjs
    MediumDynamic Requiredist/wc-LF7NU4LA-C4FhC6BH.cjs
    MediumNetwork
    MediumEnvironment Vars
    MediumInstall Persistencedist/dist-DEUmH1sy.mjs
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowEvaldist/chunk-TN7HHBQW-D_SK6w5n.cjs
    LowWeak Cryptodist/dist-DEUmH1sy.mjs
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings
    LowNo License