registry  /  @legioncodeinc/honeycomb  /  0.2.0

@legioncodeinc/honeycomb@0.2.0

Honeycomb monorepo foundation: a long-lived daemon plus thin clients for six coding harnesses, the unified honeycomb CLI, the MCP server, and the embed daemon.

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface from install or import. The package is an agent-memory CLI/daemon whose risky capabilities are explicit runtime/setup features.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs honeycomb setup/connect/install, starts daemon, logs in, or runs bundled hooks.
Impact
Captures agent session content to the local daemon and may sync to configured Honeycomb/DeepLake backend after user setup; no unconsented lifecycle agent hijack found.
Mechanism
User-invoked local daemon, hook wiring, capture, recall, and package-aligned telemetry/storage.
Rationale
Static inspection shows install-time code is limited to non-fatal dependency presence checks, while agent hook/config writes are explicit product setup paths and package-aligned. The dangerous primitives are expected for an agent-memory tool and are not delivered through unconsented npm lifecycle mutation or hidden exfiltration.
Evidence
package.jsonscripts/ensure-tree-sitter.mjsscripts/ensure-embed-deps.mjsbundle/cli.jsharnesses/codex/bundle/capture.jsembeddings/embed-daemon.js~/.claude/settings.json~/.codex/hooks.json~/.cursor/hooks.json~/.honeycomb/doctor.daemons.json~/.honeycomb/onboarding.json
Network endpoints3
127.0.0.1:3850api.deeplake.aius.i.posthog.com/i/v0/e/

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • bundle/cli.js has user-invoked setup/connect code that writes agent hook configs under ~/.claude, ~/.codex, and ~/.cursor.
  • bundle/cli.js can register a Honeycomb daemon with ~/.honeycomb/doctor.daemons.json and sends opt-out Tier-1 telemetry to PostHog.
  • Hook bundles capture prompts/tool events and forward them to the local Honeycomb daemon.
Evidence against
  • package.json postinstall only runs scripts/ensure-tree-sitter.mjs and scripts/ensure-embed-deps.mjs sanity checks; they do not write files, download payloads, or install hooks.
  • bundle/cli.js agent hook wiring is activated by explicit CLI commands setup/connect/install, not npm lifecycle or import-time execution.
  • Hook and SDK network traffic is package-aligned loopback daemon traffic at 127.0.0.1:3850; DeepLake API use is part of login/storage behavior.
  • Connector install code preserves foreign hooks and removes only Honeycomb-marked entries on uninstall.
  • embeddings/embed-daemon.js loads @huggingface/transformers lazily for a fixed model and binds locally by default.
  • No credential harvesting, destructive actions, remote code execution, or lifecycle mutation of foreign agent control surfaces found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 27 file(s), 10.0 MB of source, external domains: 127.0.0.1, api.deeplake.ai, get.theapiary.sh, github.com, json-schema.org, raw.githubusercontent.com, spec.openapis.org, stackoverflow.com, tools.ietf.org, us.i.posthog.com, www.safaribooksonline.com, www.w3.org
Oversized source lightweight scan
daemon/index.js2.01 MB file, sampled 256 KB
FilesystemNetworkEnvironmentVarsCryptoHighEntropyStrings

Source & flagged code

12 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/ensure-tree-sitter.mjs && node scripts/ensure-embed-deps.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/ensure-tree-sitter.mjs && node scripts/ensure-embed-deps.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
harnesses/claude-code/bundle/pre-tool-use.jsView file
15999// dist/src/hooks/shared/project-resolver.js L16000: import { execFileSync } from "node:child_process"; L16001: import { existsSync as existsSync6, mkdirSync as mkdirSync7, readFileSync as readFileSync10, writeFileSync as writeFileSync7 } from "node:fs";
High
Child Process

Package source references child process execution.

harnesses/claude-code/bundle/pre-tool-use.jsView on unpkg · L15999
bundle/cli.jsView file
17689function [redacted](platform2 = process.platform) { L17690: const command = platform2 === "win32" ? 'powershell -c "& { $(irm https://get.theapiary.sh/install.ps1) } --products=honeycomb,doctor,hive"' : "curl -fsSL https://get.theapiary.sh ... L17691: return `Dashboard portal is not running; install it with ${command}.`;
High
Shell

Package source references shell execution.

bundle/cli.jsView on unpkg · L17689
94Cross-file remote execution chain: bundle/cli.js spawns harnesses/claude-code/bundle/pre-tool-use.js; helper contains network access plus dynamic code execution. L94: function createLoopbackDaemonClient(options = {}) { L95: const baseUrl = options.baseUrl ?? "http://127.0.0.1:3850"; L96: const headers = options.headers ?? {}; ... L100: async send(req) { L101: const qs = req.query !== void 0 && Object.keys(req.query).length > 0 ? `?${new URLSearchParams(req.query).toString()}` : ""; L102: const sessionHeaders = isSessionGroupPath(req.path) ? { "x-honeycomb-runtime-path": CLI_RUNTIME_PATH, "x-honeycomb-session": mintSession() } : {}; ... L109: try { L110: body = await res.json(); L111: } catch { ... L171: out(`error: prune failed (daemon ${res.status}).`); L172: return { exitCode: 1 }; L173: }
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

bundle/cli.jsView on unpkg · L94
94function createLoopbackDaemonClient(options = {}) { L95: const baseUrl = options.baseUrl ?? "http://127.0.0.1:3850"; L96: const headers = options.headers ?? {}; ... L100: async send(req) { L101: const qs = req.query !== void 0 && Object.keys(req.query).length > 0 ? `?${new URLSearchParams(req.query).toString()}` : ""; L102: const sessionHeaders = isSessionGroupPath(req.path) ? { "x-honeycomb-runtime-path": CLI_RUNTIME_PATH, "x-honeycomb-session": mintSession() } : {}; ... L109: try { L110: body = await res.json(); L111: } catch { ... L171: out(`error: prune failed (daemon ${res.status}).`); L172: return { exitCode: 1 }; L173: }
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

bundle/cli.jsView on unpkg · L94
embeddings/embed-daemon.jsView file
34const moduleSpecifier = "@huggingface/transformers"; L35: const dynamicImport = new Function("m", "return import(m);"); L36: return await dynamicImport(moduleSpecifier);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

embeddings/embed-daemon.jsView on unpkg · L34
34const moduleSpecifier = "@huggingface/transformers"; L35: const dynamicImport = new Function("m", "return import(m);"); L36: return await dynamicImport(moduleSpecifier);
Low
Eval

Package source references a known benign dynamic code generation pattern.

embeddings/embed-daemon.jsView on unpkg · L34
daemon/restart-helper.jsView file
1// dist/src/daemon/restart-helper.js L2: import { spawn } from "node:child_process"; L3: var port = Number(process.env.HONEYCOMB_RESTART_PORT ?? "3850"); L4: var entry = process.env.HONEYCOMB_RESTART_ENTRY ?? ""; ... L8: var LOCK_RELEASE_GRACE_MS = 800; L9: var healthUrl = `http://127.0.0.1:${Number.isFinite(port) && port > 0 ? port : 3850}/health`; L10: async function stillUp() {
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

daemon/restart-helper.jsView on unpkg · L1
assets/logos/fonts/JetBrainsMono-Regular.woff2View file
path = [redacted]-Regular.woff2 kind = high_entropy_blob sizeBytes = 92164 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

assets/logos/fonts/JetBrainsMono-Regular.woff2View on unpkg
daemon/index.jsView file
path = daemon/index.js kind = oversized_source_file sizeBytes = 2111749 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

daemon/index.jsView on unpkg
harnesses/codex/bundle/capture.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @legioncodeinc/honeycomb@0.1.14 matchedIdentity = npm:[redacted]:0.1.14 similarity = 0.481 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

harnesses/codex/bundle/capture.jsView on unpkg

Findings

1 Critical7 High6 Medium6 Low
CriticalPrevious Version Dangerous Deltaharnesses/codex/bundle/capture.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processharnesses/claude-code/bundle/pre-tool-use.js
HighShellbundle/cli.js
HighSame File Env Network Executiondaemon/restart-helper.js
HighCross File Remote Execution Contextbundle/cli.js
HighShips High Entropy Blobassets/logos/fonts/JetBrainsMono-Regular.woff2
HighOversized Source Filedaemon/index.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requireembeddings/embed-daemon.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencebundle/cli.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvalembeddings/embed-daemon.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License