AI Security Review
scanned 3h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious attack chain was established, but the package has install-time dependency self-healing and first-party agent/IDE credential bridge behavior. The risk is lifecycle and credential-handling exposure rather than observed exfiltration or hijack.
Decision evidence
public snapshot- package.json defines postinstall: node scripts/postinstall.js.
- scripts/devenv.js postinstall runs npm ci/install inside bundled/services/backend and can write backend node_modules.
- scripts/devenv.js calls sourceHealService.runStartupHeal during postinstall, which may restore package-owned bundled/services/backend/src files from encrypted snapshot.
- bundled/extensions/khy-trae-bridge/extension.js obtains Trae session.accessToken and writes it to globalStorage/khy-trae-bridge/auth.json on activation/timer.
- index.js only exports install and bundle paths.
- bin/khy.js delegates to bundled backend CLI and only runs postinstall fallback when backend deps are missing.
- sourceHealService write scope is package-owned backend src with version/plan guardrails and no remote fetch.
- No credential exfiltration or remote payload download found in inspected lifecycle code.
- Codex/Claude config mutations are explicit runtime/admin routes or opt-in flags, not install-time behavior.
Source & flagged code
41 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L30GitHub personal access token in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L31RSA private key in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L32AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L54AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L61AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L63AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L69AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L75AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L128Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L41Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L70Package source references dynamic require/import behavior.
bin/khy.jsView on unpkg · L18Package source references shell execution.
bundled/scripts/bench/win_cost_compact.jsView on unpkg · L14Package source references a known benign dynamic code generation pattern.
bundled/software/khyquant/frontend/dist/assets/IntelligentStrategySelector-DPLaZEuV.jsView on unpkg · L1Package source executes code through a VM context API.
bundled/software/khyquant/services/backtestEngine.jsView on unpkg · L1Package source references weak cryptographic algorithms.
bundled/platform/packages/shared/src/services/gateway/example_plugins/cache-plugin.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
bundled/services/backend/tests/services/additionalDirectories.test.jsView on unpkg · L28A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bundled/services/backend/bin/khy.jsView on unpkg · L740Source matches reverse-shell style process and socket wiring.
bundled/services/ai-backend/src/services/securityGuardService.jsView on unpkg · L15Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
bundled/scripts/diagnostics/fuzzInputCorpus.jsView on unpkg · L65Package ships WebAssembly modules.
bundled/software/khyquant/frontend/dist/wasm/khy-math-demo.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
bundled/tools/khyos-markdown/unregister-linux.shView on unpkgPackage ships compressed or archive-like blobs.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships high-entropy non-source blobs.
bundled/docs/07_OPS_运维/[OPS-MAN-043] 从0到高手-新手成长路线与pip安装后清单.pdfView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
bundled/services/ai-backend/test/fixtures/coze/sample-linear.zipView on unpkgPackage contains source files above the static scanner size ceiling.
bundled/tools/khyos-markdown/vendor/khyos-muya.jsView on unpkgHardcoded password in bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.js
bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.jsView on unpkg · L1Hardcoded password in bundled/apps/ai-frontend/dist/assets/Login-BD-XGBty.js
bundled/apps/ai-frontend/dist/assets/Login-BD-XGBty.jsView on unpkg · L1RSA private key in bundled/services/backend/tests/tools/securityScan.test.js
bundled/services/backend/tests/tools/securityScan.test.jsView on unpkg · L36Hardcoded password in bundled/services/backend/tests/auth.sessionSecurityRoutes.test.js
bundled/services/backend/tests/auth.sessionSecurityRoutes.test.jsView on unpkg · L85RSA private key in bundled/services/backend/tests/proxyServer.https.test.js
bundled/services/backend/tests/proxyServer.https.test.jsView on unpkg · L10Hardcoded password in bundled/services/backend/src/constants/commandSchema.js
bundled/services/backend/src/constants/commandSchema.jsView on unpkg · L234Hardcoded password in bundled/services/backend/src/routes/admin.js
bundled/services/backend/src/routes/admin.jsView on unpkg · L141Hardcoded password in bundled/services/backend/src/services/cliAuthService.js
bundled/services/backend/src/services/cliAuthService.jsView on unpkg · L282Hardcoded password in bundled/services/ai-backend/test/workflow.routes.test.js
bundled/services/ai-backend/test/workflow.routes.test.jsView on unpkg · L39