registry  /  @onedigitas/kitcode  /  0.1.16

@onedigitas/kitcode@0.1.16

Local aggregate activity server for KitCode.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Explicit integration setup persists KitCode hooks and skills in Codex/Claude user configuration. The hook runs local KitCode code for prompt submissions and emits reward context; no remote payload or data-exfiltration chain was confirmed.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `kitcode codex on` or `kitcode claude on`, then submits prompts in the configured agent.
Impact
Persistent prompt-time local command execution and agent-context injection until explicitly removed.
Mechanism
User-invoked AI-agent hook and skill installation with local tracker integration.
Rationale
Source establishes an explicit-user, first-party agent-extension lifecycle risk rather than concrete malware. Warn so the integration's persistent prompt-time behavior is visible to users.
Evidence
package.jsonbin/kitcode.mjssrc/integration-installers.mjssrc/hook-installers.mjssrc/skill-installer.mjssrc/hook-prompt.mjs~/.kitcode/bin/kitcode~/.codex/hooks.json~/.codex/skills/kitcode/SKILL.md~/.claude/settings.json~/.claude/skills/kitcode/SKILL.md~/.kitcode/state.json
Network endpoints2
127.0.0.1:4747kitcode.onedigitas.com/

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `codex on` and `claude on` write prompt-hook configs under user home directories.
  • Installed hooks invoke the package runner on every `UserPromptSubmit`.
  • Installation also writes agent `SKILL.md` files that direct agent command execution.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks.
  • Agent integration is activated only by explicit `kitcode codex|claude on` commands.
  • Reviewed network use is a local health/API server; no credential collection or exfiltration found.
  • Child processes open URLs, Electron windows, notifications, or the package's own tracker.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 30 file(s), 167 KB of source, external domains: 127.0.0.1, github.com, kitcode.onedigitas.com

Source & flagged code

4 flagged · loading source
bin/kitcode.mjsView file
3import fs from 'node:fs'; L4: import {spawn} from 'node:child_process'; L5: import {createRequire} from 'node:module';
High
Child Process

Package source references child process execution.

bin/kitcode.mjsView on unpkg · L3
232function terminalUrl(options) { L233: return `http://${options.host}:${options.port}/terminal`; L234: } ... L241: const entryPath = path.resolve(fileURLToPath(new URL('../src/terminal-electron.mjs', import.meta.url))); L242: const child = spawn(electronPath, [entryPath], { L243: detached: true, L244: env: { L245: ...process.env, L246: KITCODE_TERMINAL_URL: url,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

bin/kitcode.mjsView on unpkg · L232
matchType = previous_version_dangerous_delta matchedPackage = @onedigitas/kitcode@0.1.15 matchedIdentity = npm:QG9uZWRpZ2l0YXMva2l0Y29kZQ:0.1.15 similarity = 0.625 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/kitcode.mjsView on unpkg
src/hook-prompt.mjsView file
55? { L56: bin: 'powershell.exe', L57: args: ['-NoProfile', '-Command', `[void][System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms'); [System.Windows.Forms.MessageBox]::Show(${JSON.stringify(message)...
High
Shell

Package source references shell execution.

src/hook-prompt.mjsView on unpkg · L55

Findings

4 High2 Medium4 Low
HighChild Processbin/kitcode.mjs
HighShellsrc/hook-prompt.mjs
HighSame File Env Network Executionbin/kitcode.mjs
HighPrevious Version Dangerous Deltabin/kitcode.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings