registry  /  @lovinka/eve  /  0.2.1

@lovinka/eve@0.2.1

Terminal client for eve — chat TUI, priority-lane asks, live control plane, approvals.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `eve setup` command creates a first-party Claude skill, registers `eve mcp` at Claude user scope, and adds a zsh completion block. Runtime asks and explicitly selected attachments are sent to the configured Eve service.

Static reason
No blocking static signals were detected.
Trigger
User runs `eve setup` or invokes CLI/MCP ask and attachment features.
Impact
Persists a package-owned Claude integration and shell configuration; user-provided prompts, stdin, or selected files can reach the Eve endpoint.
Mechanism
Explicit agent-extension setup and user-directed service uploads.
Rationale
No concrete malicious chain is present, but the package has an explicit user-command agent-extension lifecycle capability that persists user-scope Claude and shell configuration. Per policy this warrants a warning rather than a block.
Evidence
package.jsondist/cli.jsdist/chunk-tjvrk2p8.jsdist/chunk-qnd4dzm5.jsdist/chunk-a3kazvrp.jsdist/tui/index.js~/.claude/skills/eve/SKILL.md~/.zshrc~/.config/eve-cli/config.json~/.config/eve-cli/completions/_eve~/.cache/eve-cli/update-check.json~/.claude/skills/vitrinka
Network endpoints2
eve.dev.lovinka.comregistry.npmjs.org/@lovinka%2Feve/latest

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/chunk-tjvrk2p8.js` setup writes `~/.claude/skills/eve/SKILL.md` and registers user-scope Claude MCP.
  • `dist/chunk-tjvrk2p8.js` setup modifies `~/.zshrc` and can pull the local vitrinka checkout.
  • `dist/cli.js` exposes setup only as an explicit `eve setup` command; no lifecycle hook invokes it.
Evidence against
  • `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle scripts.
  • `dist/cli.js` networks to the configured Eve service only after CLI/MCP user actions.
  • `dist/chunk-a3kazvrp.js` sends stdin context only when piped into `eve ask`; TUI file uploads require explicit `@path` or `/attach`.
  • No eval/vm/native loading, hidden credential harvesting, destructive deletion, or import-time side effects found in distributed source.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 21 file(s), 105 KB of source, external domains: eve.dev.lovinka.com, github.com, registry.npmjs.org

Source & flagged code

1 flagged · loading source
dist/chunk-tjvrk2p8.jsView file
19// src/commands/setup.ts L20: import { spawnSync } from "node:child_process"; L21: import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; ... L34: The \`eve\` CLI (\`@lovinka/eve\`, source \`eve-ai-layer/packages/eve-cli\`) talks to the L35: eve agent at \`https://eve.dev.lovinka.com\`. Asks ride eve's **interactive priority L36: lane** when it is busy — they jump ahead of queued board/review work. ... L44: L45: - \`--json\` → single JSON object on stdout: L46: \`{status: "done"|"failed"|"waiting", answer, sessionId, consoleUrl, transport}\`. ... L128: writeFileSync(join(dir, "_eve"), ZSH_SCRIPT); L129: const zshrc = join(homedir(), ".zshrc"); L130: const current = existsSync(zshrc) ? readFileSync(zshrc, "utf8") : "";
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/chunk-tjvrk2p8.jsView on unpkg · L19

Findings

3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/chunk-tjvrk2p8.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings