AI Security Review
scanned 2h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `eve setup` command creates a first-party Claude skill, registers `eve mcp` at Claude user scope, and adds a zsh completion block. Runtime asks and explicitly selected attachments are sent to the configured Eve service.
Static reason
No blocking static signals were detected.
Trigger
User runs `eve setup` or invokes CLI/MCP ask and attachment features.
Impact
Persists a package-owned Claude integration and shell configuration; user-provided prompts, stdin, or selected files can reach the Eve endpoint.
Mechanism
Explicit agent-extension setup and user-directed service uploads.
Rationale
No concrete malicious chain is present, but the package has an explicit user-command agent-extension lifecycle capability that persists user-scope Claude and shell configuration. Per policy this warrants a warning rather than a block.
Evidence
package.jsondist/cli.jsdist/chunk-tjvrk2p8.jsdist/chunk-qnd4dzm5.jsdist/chunk-a3kazvrp.jsdist/tui/index.js~/.claude/skills/eve/SKILL.md~/.zshrc~/.config/eve-cli/config.json~/.config/eve-cli/completions/_eve~/.cache/eve-cli/update-check.json~/.claude/skills/vitrinka
Network endpoints2
eve.dev.lovinka.comregistry.npmjs.org/@lovinka%2Feve/latest
Decision evidence
public snapshotAI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/chunk-tjvrk2p8.js` setup writes `~/.claude/skills/eve/SKILL.md` and registers user-scope Claude MCP.
- `dist/chunk-tjvrk2p8.js` setup modifies `~/.zshrc` and can pull the local vitrinka checkout.
- `dist/cli.js` exposes setup only as an explicit `eve setup` command; no lifecycle hook invokes it.
Evidence against
- `package.json` has no preinstall, install, postinstall, prepare, or other lifecycle scripts.
- `dist/cli.js` networks to the configured Eve service only after CLI/MCP user actions.
- `dist/chunk-a3kazvrp.js` sends stdin context only when piped into `eve ask`; TUI file uploads require explicit `@path` or `/attach`.
- No eval/vm/native loading, hidden credential harvesting, destructive deletion, or import-time side effects found in distributed source.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunk-tjvrk2p8.jsView file
19// src/commands/setup.ts
L20: import { spawnSync } from "node:child_process";
L21: import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
...
L34: The \`eve\` CLI (\`@lovinka/eve\`, source \`eve-ai-layer/packages/eve-cli\`) talks to the
L35: eve agent at \`https://eve.dev.lovinka.com\`. Asks ride eve's **interactive priority
L36: lane** when it is busy — they jump ahead of queued board/review work.
...
L44:
L45: - \`--json\` → single JSON object on stdout:
L46: \`{status: "done"|"failed"|"waiting", answer, sessionId, consoleUrl, transport}\`.
...
L128: writeFileSync(join(dir, "_eve"), ZSH_SCRIPT);
L129: const zshrc = join(homedir(), ".zshrc");
L130: const current = existsSync(zshrc) ? readFileSync(zshrc, "utf8") : "";
Medium
Install Persistence
Source writes installer persistence such as shell profile or service configuration.
dist/chunk-tjvrk2p8.jsView on unpkg · L19Findings
3 Medium4 Low
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/chunk-tjvrk2p8.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings