registry  /  @onedigitas/kitcode  /  0.1.7

@onedigitas/kitcode@0.1.7

Local aggregate activity server for KitCode.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked local tracking server with optional Codex/Claude hook integration for reward notifications.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Running `kitcode`, `kitcode serve`, `kitcode codex on`, or `kitcode claude on`.
Impact
Tracks local project activity/reward state and can add opt-in agent hooks; no exfiltration or unconsented lifecycle mutation observed.
Mechanism
local server, filesystem state, optional agent hook/skill installer
Rationale
Static inspection shows explicit CLI commands for a local activity/reward tool, including opt-in agent hook installation, with no lifecycle execution, credential theft, payload loading, or exfiltration. The risky primitives are aligned with the advertised local server and integration features.
Evidence
package.jsonbin/kitcode.mjssrc/hook-prompt.mjssrc/hook-installers.mjssrc/skill-installer.mjssrc/runner-installer.mjssrc/api.mjssrc/runtime.mjssrc/store.mjssrc/cors.mjssrc/git.mjssrc/vibe.mjs~/.kitcode/state.json~/.kitcode/hook.log~/.kitcode/bin/kitcode~/.kitcode/bin/kitcode.cmd~/.codex/hooks.json~/.codex/skills/kitcode/SKILL.md~/.claude/settings.json~/.claude/skills/kitcode/SKILL.md
Network endpoints10
kitcode.onedigitas.com/kitcode.onedigitas.com127.0.0.1:4747localhost:8686127.0.0.1:8686localhost:3000127.0.0.1:3000localhost:5173127.0.0.1:5173github.com/onedigitas/kit-code/blob/main/README.md

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • User-invoked `codex on`/`claude on` writes agent hook configs and skills via src/hook-installers.mjs and src/skill-installer.mjs.
  • src/runner-installer.mjs creates ~/.kitcode/bin/kitcode runner that can fall back to `npx -y @onedigitas/kitcode`.
  • bin/kitcode.mjs opens external dashboard URL when run unless disabled.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks.
  • AI-agent hook installation is explicit CLI functionality, not import-time or install-time execution.
  • src/hook-prompt.mjs only reads hook stdin, checks local reward state, sends desktop notification, and emits bounded hook context.
  • No credential/env harvesting, remote payload download, destructive behavior, persistence beyond user-invoked local integration files, or network exfiltration found.
  • Network use is package-aligned: local health check/server and documented dashboard URL.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 15 file(s), 67.1 KB of source, external domains: 127.0.0.1, github.com, kitcode.onedigitas.com

Source & flagged code

1 flagged · loading source
bin/kitcode.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @onedigitas/kitcode@0.1.2 matchedIdentity = npm:QG9uZWRpZ2l0YXMva2l0Y29kZQ:0.1.2 similarity = 0.636 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/kitcode.mjsView on unpkg

Findings

1 Critical2 Medium4 Low
CriticalPrevious Version Dangerous Deltabin/kitcode.mjs
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings