AI Security Review
scanned 8h ago · by lpm-firewall-ai`postinstall` silently performs a nested dependency install and decrypts a bundled archive used to verify and potentially rewrite runtime source. The opaque archive is recoverable with a package-embedded default secret; its payload cannot be source-reviewed directly without executing/decrypting it.
Decision evidence
public snapshot- `scripts/postinstall.js` runs automatically after npm installation.
- `scripts/devenv.js` invokes `npm ci`/`npm install` in `bundled/services/backend` when dependencies are absent.
- Postinstall invokes `runStartupHeal`, which decrypts the bundled `_source` archive and can replace installed backend source files.
- `sourceSnapshotCrypto.js` embeds a default decryption secret, making `bundled/_source/khy-os-source.tar.gz.enc` an opaque but executable carrier.
- Bundled `khy-trae-bridge` reads a Trae authentication token and writes it to a bridge file when that separately installed extension activates.
- No inspected lifecycle code sends credentials or files to a remote endpoint.
- The source-heal writer is limited to package backend source paths, rejects traversal, caps automatic changes, and avoids deleting extra files.
- MCP configuration writes target KHY-owned `~/.khy/mcp.json` or project `.khy/mcp.json`, not foreign agent configuration.
Source & flagged code
41 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L30GitHub personal access token in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L31RSA private key in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L32AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L54AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L61AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L63AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L69AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L75AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L128Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L41Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L70Package source references dynamic require/import behavior.
bin/khy.jsView on unpkg · L18Package source references shell execution.
bundled/scripts/bench/win_cost_compact.jsView on unpkg · L14Package source references a known benign dynamic code generation pattern.
bundled/software/khyquant/frontend/dist/assets/IntelligentStrategySelector-DPLaZEuV.jsView on unpkg · L1Package source executes code through a VM context API.
bundled/software/khyquant/services/backtestEngine.jsView on unpkg · L1Package source references weak cryptographic algorithms.
bundled/platform/packages/shared/src/services/gateway/example_plugins/cache-plugin.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
bundled/services/backend/tests/services/additionalDirectories.test.jsView on unpkg · L28A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bundled/services/backend/bin/khy.jsView on unpkg · L750Source matches reverse-shell style process and socket wiring.
bundled/services/backend/tests/services/skills/skillThreatScanner.test.jsView on unpkg · L25Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
bundled/scripts/diagnostics/fuzzInputCorpus.jsView on unpkg · L65Package ships WebAssembly modules.
bundled/software/khyquant/frontend/dist/wasm/khy-math-demo.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
bundled/tools/khyos-markdown/unregister-linux.shView on unpkgPackage ships compressed or archive-like blobs.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships high-entropy non-source blobs.
bundled/docs/07_OPS_运维/[OPS-MAN-043] 从0到高手-新手成长路线与pip安装后清单.pdfView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
bundled/services/backend/.tmp-typeset-test/paper.docxView on unpkgPackage contains source files above the static scanner size ceiling.
bundled/tools/khyos-markdown/vendor/khyos-muya.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bundled/scripts/check-duplication.jsView on unpkgHardcoded password in bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.js
bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.jsView on unpkg · L1Hardcoded password in bundled/apps/ai-frontend/dist/assets/Login-C15hhfkr.js
bundled/apps/ai-frontend/dist/assets/Login-C15hhfkr.jsView on unpkg · L1RSA private key in bundled/services/backend/tests/tools/securityScan.test.js
bundled/services/backend/tests/tools/securityScan.test.jsView on unpkg · L36Hardcoded password in bundled/services/backend/tests/auth.sessionSecurityRoutes.test.js
bundled/services/backend/tests/auth.sessionSecurityRoutes.test.jsView on unpkg · L85RSA private key in bundled/services/backend/tests/proxyServer.https.test.js
bundled/services/backend/tests/proxyServer.https.test.jsView on unpkg · L10Hardcoded password in bundled/services/backend/src/constants/commandSchema.js
bundled/services/backend/src/constants/commandSchema.jsView on unpkg · L236Hardcoded password in bundled/services/backend/src/routes/admin.js
bundled/services/backend/src/routes/admin.jsView on unpkg · L141Hardcoded password in bundled/services/backend/src/services/cliAuthService.js
bundled/services/backend/src/services/cliAuthService.jsView on unpkg · L282