registry  /  @keystrokehq/platform  /  0.1.26

@keystrokehq/platform@0.1.26

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a platform server with user/runtime-invoked tool execution and configured outbound integrations, but no install-time/import-time harvesting, persistence, or hidden exfiltration was found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
explicit runtime server/tool invocation
Impact
no confirmed malicious impact
Mechanism
platform-aligned server routes and sandboxed command execution
Rationale
Static inspection found dangerous primitives, but they are documented/runtime-invoked platform capabilities with sandboxing and configured endpoints, not unconsented install/import behavior or credential exfiltration. The metadata-host signal is defensive URL blocking, so scanner hints are noisy here.
Evidence
package.jsonREADME.mddist/run.mjsdist/start-BopA4OXE.mjsdist/js-exec-N5KEZBH7-PxuNBAca.mjsdist/dist-Dfoa0fsU.mjsdist/chunk-TN7HHBQW-B8PYcKz5.mjsdist/dist-Dfoa0fsU.mjs extracts dist/.keystroke/route-manifest.json from uploaded artifact tarballs via temporary files
Network endpoints3
hooks.slack.com/services/...ai-gateway.vercel.sh/v1/modelsai-gateway.vercel.sh

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/start-BopA4OXE.mjs bundles just-bash commands including bash/sh and js-exec for runtime tool execution.
  • dist/js-exec-N5KEZBH7-PxuNBAca.mjs exposes a sandboxed JS runtime with fs/fetch/child_process-like APIs to invoked scripts.
  • dist/dist-Dfoa0fsU.mjs imports child_process.spawnSync and uses tar to extract route manifests from project artifacts.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks; scripts are dev/start/test only.
  • dist/run.mjs only starts the platform server via definePlatformConfig/startPlatformServer when explicitly run.
  • Network calls are package-aligned: Slack webhook env, Vercel model catalog, configured platform URLs, S3/database/admin APIs.
  • Cloud metadata finding is an SSRF blocklist in dist/dist-Dfoa0fsU.mjs, not a credential fetch.
  • dist/chunk-TN7HHBQW-B8PYcKz5.mjs contains defenses blocking process.env, process.getBuiltinModule, eval/Function during script execution.
  • README.md documents the platform control-plane server, Slack webhook, and public models endpoints.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNativeBindingsNetworkShell
Supply chain
HighEntropyStringsObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 212 file(s), 7.56 MB of source, external domains: 127.0.0.1, ai-gateway.vercel.sh, angular.io, api.exa.ai, api.keystroke.ai, chat-sdk.dev, cscott.net, datatracker.ietf.org, dom.spec.whatwg.org, example.com, github.com, json-schema.org, landley.net, raw.githubusercontent.com, trac.webkit.org, www.ibm.com, www.w3.org, www.whatwg.org

Source & flagged code

8 flagged · loading source
dist/start-BopA4OXE.mjsView file
22428} L22429: exec(t) { L22430: let e = this.acquireMatcher(t), s = this._global ? this._lastIndex : 0;
High
Child Process

Package source references child process execution.

dist/start-BopA4OXE.mjsView on unpkg · L22428
dist/chunk-TN7HHBQW-D_SK6w5n.cjsView file
17strategy: "throw", L18: reason: "eval() allows arbitrary code execution" L19: },
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/chunk-TN7HHBQW-D_SK6w5n.cjsView on unpkg · L17
dist/head-442HYESI-Dl61xdxd.cjsView file
1require("./start-B-r5AcHg.cjs"); L2: require("./chunk-BZUGFHVS-7RRM7Jpb.cjs");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/head-442HYESI-Dl61xdxd.cjsView on unpkg · L1
dist/dist-Dfoa0fsU.mjsView file
7import { AsyncLocalStorage } from "node:async_hooks"; L8: import { deleteSecretValuesForRef, ensureOAuthApp, getOrganizationScopeId, saveOAuthConnection, selectSecretValue, upsertSecretValue } from "@keystrokehq/platform-database"; L9: import { createCipheriv, createDecipheriv, createHash, randomBytes, randomUUID } from "node:crypto"; L10: import * as z$1 from "zod/v4"; ... L17: import { join } from "node:path"; L18: import { spawnSync } from "node:child_process"; L19: import { tmpdir } from "node:os"; ... L593: * (timestamps embedded in the id). Use {@link cuid2} instead. L594: * See https://github.com/paralleldrive/cuid. L595: */ ... L4825: "previews", L4826: "private",
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/dist-Dfoa0fsU.mjsView on unpkg · L7
dist/dist-BSIIH4ft.cjsView file
31let node_async_hooks = require("node:async_hooks"); L32: let _keystrokehq_platform_database = require("@keystrokehq/platform-database"); L33: let node_crypto = require("node:crypto"); ... L45: let node_path = require("node:path"); L46: let node_child_process = require("node:child_process"); L47: let node_os = require("node:os"); ... L597: * (timestamps embedded in the id). Use {@link cuid2} instead. L598: * See https://github.com/paralleldrive/cuid. L599: */ ... L626: const cidrv6 = /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::|([0-9a-fA-F]{1,4})?::([0-9a-fA-F]{1,4}:?){0,6})\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$/; L627: const base64 = /^$|^(?:[0-9a-zA-Z+/]{4})*(?:(?:[0-9a-zA-Z+/]{2}==)|(?:[0-9a-zA-Z+/]{3}=))?$/; L628: const base64url = /^[A-Za-z0-9_-]*$/;
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/dist-BSIIH4ft.cjsView on unpkg · L31
31let node_async_hooks = require("node:async_hooks"); L32: let _keystrokehq_platform_database = require("@keystrokehq/platform-database"); L33: let node_crypto = require("node:crypto"); ... L45: let node_path = require("node:path"); L46: let node_child_process = require("node:child_process"); L47: let node_os = require("node:os"); ... L597: * (timestamps embedded in the id). Use {@link cuid2} instead. L598: * See https://github.com/paralleldrive/cuid. L599: */ ... L626: const cidrv6 = /^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::|([0-9a-fA-F]{1,4})?::([0-9a-fA-F]{1,4}:?){0,6})\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$/; L627: const base64 = /^$|^(?:[0-9a-zA-Z+/]{4})*(?:(?:[0-9a-zA-Z+/]{2}==)|(?:[0-9a-zA-Z+/]{3}=))?$/; L628: const base64url = /^[A-Za-z0-9_-]*$/;
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/dist-BSIIH4ft.cjsView on unpkg · L31
dist/js-exec-N5KEZBH7-BfVFKq8I.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = @keystrokehq/platform@0.1.24 matchedIdentity = npm:QGtleXN0cm9rZWhxL3BsYXRmb3Jt:0.1.24 similarity = 0.933 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/js-exec-N5KEZBH7-BfVFKq8I.cjsView on unpkg
40Cross-file remote execution chain: dist/js-exec-N5KEZBH7-BfVFKq8I.cjs spawns dist/chunk-TN7HHBQW-D_SK6w5n.cjs; helper contains network access plus dynamic code execution. L40: Available modules: L41: fs, path, child_process, process, console, L42: os, url, assert, util, events, buffer, stream, ... L55: child_process: L56: execSync(cmd) throws on non-zero exit, returns stdout L57: spawnSync(cmd, args) returns { stdout, stderr, status } ... L61: L62: os: platform(), arch(), homedir(), tmpdir(), type(), hostname(), L63: EOL, cpus(), endianness() L64: L65: url: URL, URLSearchParams, parse(), format() L66:
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/js-exec-N5KEZBH7-BfVFKq8I.cjsView on unpkg · L40

Findings

1 Critical4 High5 Medium9 Low
CriticalPrevious Version Dangerous Deltadist/js-exec-N5KEZBH7-BfVFKq8I.cjs
HighChild Processdist/start-BopA4OXE.mjs
HighShell
HighCloud Metadata Accessdist/dist-BSIIH4ft.cjs
HighCross File Remote Execution Contextdist/js-exec-N5KEZBH7-BfVFKq8I.cjs
MediumDynamic Requiredist/head-442HYESI-Dl61xdxd.cjs
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/dist-BSIIH4ft.cjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvaldist/chunk-TN7HHBQW-D_SK6w5n.cjs
LowWeak Cryptodist/dist-Dfoa0fsU.mjs
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License