AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. A bundled VS Code/Trae extension automatically runs after that extension is installed, obtains an authorized Trae session, and writes its credentials to a KHY-readable file. The npm postinstall installs bundled backend dependencies but does not install or activate that extension.
Decision evidence
public snapshot- `bundled/extensions/khy-trae-bridge/extension.js` auto-activates and requests the `icube.marscode` session.
- The extension writes access, refresh, and raw tokens to shared extension storage.
- Backend code reads the bridge token file and supports authenticated requests to Trae hosts.
- `scripts/postinstall.js` automatically invokes `scripts/devenv.js` during npm install.
- Postinstall runs `npm ci`/`npm install` inside the bundled backend when dependencies are absent.
- The npm postinstall does not install or activate the bundled VS Code extension.
- The extension requests authorization with `createIfNone: true` only after failed non-creating lookups.
- Token bridging is explicitly described by the shipped extension and backend as a KHY/Trae integration.
- No source inspected sends credentials to an unrelated endpoint or mutates foreign AI-agent configuration at install time.
- `index.js` only exports package and bundle paths.
Source & flagged code
41 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L19AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L30GitHub personal access token in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L31RSA private key in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L32AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L54AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L61AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L63AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L69AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L75AWS access key ID in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L128Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L41Hardcoded password in bundled/services/backend/tests/repoDisciplineRisk.test.js
bundled/services/backend/tests/repoDisciplineRisk.test.jsView on unpkg · L70Package source references dynamic require/import behavior.
bin/khy.jsView on unpkg · L18Package source references shell execution.
bundled/scripts/bench/win_cost_compact.jsView on unpkg · L14Package source references a known benign dynamic code generation pattern.
bundled/software/khyquant/frontend/dist/assets/IntelligentStrategySelector-DPLaZEuV.jsView on unpkg · L1Package source executes code through a VM context API.
bundled/software/khyquant/services/backtestEngine.jsView on unpkg · L1Package source references weak cryptographic algorithms.
bundled/platform/packages/shared/src/services/gateway/example_plugins/cache-plugin.jsView on unpkg · L1Source writes installer persistence such as shell profile or service configuration.
bundled/services/backend/tests/services/additionalDirectories.test.jsView on unpkg · L28A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bundled/services/backend/bin/khy.jsView on unpkg · L750Source matches reverse-shell style process and socket wiring.
bundled/services/backend/tests/services/skills/skillThreatScanner.test.jsView on unpkg · L25Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
bundled/scripts/diagnostics/fuzzInputCorpus.jsView on unpkg · L65Package ships WebAssembly modules.
bundled/software/khyquant/frontend/dist/wasm/khy-math-demo.wasmView on unpkgPackage ships non-JavaScript build or shell helper files.
bundled/tools/khyos-markdown/unregister-linux.shView on unpkgPackage ships high-entropy non-source blobs.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships compressed or archive-like blobs.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
bundled/extensions/khy-trae-bridge/khy-trae-bridge-0.2.1.vsixView on unpkgPackage hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.
bundled/services/ai-backend/test/fixtures/coze/sample-linear.zipView on unpkgPackage contains source files above the static scanner size ceiling.
bundled/tools/khyos-markdown/vendor/khyos-muya.jsView on unpkgThis package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
bundled/scripts/release/changelog-new.jsView on unpkgHardcoded password in bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.js
bundled/software/khyquant/frontend/dist/assets/Debug--vriC6bB.jsView on unpkg · L1Hardcoded password in bundled/apps/ai-frontend/dist/assets/Login-DstV2Oea.js
bundled/apps/ai-frontend/dist/assets/Login-DstV2Oea.jsView on unpkg · L1RSA private key in bundled/services/backend/tests/tools/securityScan.test.js
bundled/services/backend/tests/tools/securityScan.test.jsView on unpkg · L36Hardcoded password in bundled/services/backend/tests/auth.sessionSecurityRoutes.test.js
bundled/services/backend/tests/auth.sessionSecurityRoutes.test.jsView on unpkg · L85RSA private key in bundled/services/backend/tests/proxyServer.https.test.js
bundled/services/backend/tests/proxyServer.https.test.jsView on unpkg · L10Hardcoded password in bundled/services/backend/src/constants/commandSchema.js
bundled/services/backend/src/constants/commandSchema.jsView on unpkg · L238Hardcoded password in bundled/services/backend/src/routes/admin.js
bundled/services/backend/src/routes/admin.jsView on unpkg · L142Hardcoded password in bundled/services/backend/src/services/cliAuthService.js
bundled/services/backend/src/services/cliAuthService.jsView on unpkg · L282