registry  /  @onedigitas/kitcode  /  0.1.2

@onedigitas/kitcode@0.1.2

Local aggregate activity server for KitCode.

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local activity/reward server with optional documented Codex/Claude notification hooks.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs kitcode CLI commands, especially serve/run or codex/claude on.
Impact
Local aggregate activity is served to allowed origins; optional hooks add reward reminders only after explicit installation.
Mechanism
local server, project activity scanning, optional AI hook notification
Rationale
Source inspection shows potentially sensitive primitives are aligned with the advertised local companion server and explicit hook installer workflow. There is no install-time execution, unconsented AI-agent hook mutation, credential collection, destructive behavior, or remote exfiltration.
Evidence
package.jsonbin/kitcode.mjssrc/api.mjssrc/cors.mjssrc/git.mjssrc/hook-installers.mjssrc/hook-prompt.mjssrc/runtime.mjssrc/store.mjssrc/vibe.mjsREADME.md~/.kitcode/state.json~/.kitcode/hook.log~/.codex/hooks.json~/.claude/settings.jsontracked project files read for hashed aggregate counts
Network endpoints9
kitcode.onedigitas.com/kitcode.onedigitas.com127.0.0.1:4747localhost:8686127.0.0.1:8686localhost:3000127.0.0.1:3000localhost:5173127.0.0.1:5173

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • src/hook-installers.mjs can write ~/.codex/hooks.json and ~/.claude/settings.json when user runs codex/claude on.
  • src/hook-prompt.mjs injects a short hookSpecificOutput reminder into Codex/Claude prompts after reward milestones.
  • src/vibe.mjs recursively reads local project files to count hashed line changes.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts.
  • bin/kitcode.mjs only runs as CLI bin; default starts local server on 127.0.0.1.
  • README.md documents local server, dashboard CORS, and Codex/Claude hook commands.
  • src/api.mjs exposes aggregate summary/reward endpoints, not raw source or file-read endpoints.
  • No credential harvesting, remote payload loading, eval/vm/Function, or outbound exfiltration found.
  • Hook installation is explicit via kitcode codex on or kitcode claude on, not automatic at install/import time.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 11 file(s), 53.6 KB of source, external domains: 127.0.0.1, kitcode.onedigitas.com

Source & flagged code

1 flagged · loading source
bin/kitcode.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @onedigitas/kitcode@0.1.1 matchedIdentity = npm:QG9uZWRpZ2l0YXMva2l0Y29kZQ:0.1.1 similarity = 0.545 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/kitcode.mjsView on unpkg

Findings

1 Critical2 Medium3 Low
CriticalPrevious Version Dangerous Deltabin/kitcode.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowUrl Strings