registry  /  @testmuai/kane-cli  /  0.6.1

@testmuai/kane-cli@0.6.1

KaneAI Terminal UI — browser automation testing agent

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `kane-cli install skill [version]`.
Impact
Downloaded instructions/content gain availability to supported local AI agents after restart.
Mechanism
Remote skill download, tar extraction, and AI-agent skill-directory replacement.
Rationale
The package contains an explicit-user-command AI-agent skill installer, so it warrants a warning for capability risk. Source inspection found no automatic lifecycle activation or concrete malicious chain.
Evidence
package.jsonbin/kane-cli.jsdist/index.jsdist/skill-installer-BJLHH3DW.jsdist/chunk-HMGNPFXP.jsdist/chunk-7SUKUJO2.js~/.claude/skills/kane-cli~/.agents/skills/kane-cli~/.gemini/skills/kane-cli
Network endpoints1
registry.npmjs.org

Decision evidence

public snapshot
AI called this Suspicious at 94.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js` exposes explicit `install skill` command.
  • `dist/skill-installer-BJLHH3DW.js` downloads a remote skill tarball and extracts it with `tar`.
  • `dist/skill-installer-BJLHH3DW.js` replaces agent skill directories before copying downloaded content.
  • `dist/chunk-HMGNPFXP.js` targets Claude, Codex, and Gemini skill paths.
Evidence against
  • `package.json` has no lifecycle scripts.
  • `bin/kane-cli.js` only imports the CLI entrypoint; installation does not invoke skill setup.
  • Agent-directory writes require the user-invoked `kane-cli install skill` command.
  • No credential harvesting, stealth persistence, destructive broad deletion, or exfiltration chain was confirmed.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 186 file(s), 2.34 MB of source, external domains: 127.0.0.1, accounts.lambdatest.com, api-hyperexecute.lambdatest.com, api-stage-hyperexecute.lambdatestinternal.com, api.github.com, api.lambdatest.com, auteur-stage-automind.lambdatestinternal.com, auth.lambdatest.com, dd-proxy.lambdatest.com, dl.google.com, evidence-cli.dev, evidence.lambdatest.com, example.com, feross.org, github.com, json-schema.org, kaneai-api.lambdatest.com, kaneai-playground.lambdatest.io, raw.githubusercontent.com, reactjs.org, registry.npmjs.org, sheetjs.com, stage-accounts.lambdatestinternal.com, stage-api.lambdatestinternal.com, stage-auth.lambdatestinternal.com, stage-evidence.lambdatestinternal.com, stage-test-manager-api.lambdatestinternal.com, stage-test-manager.lambdatestinternal.com, test-manager-api.lambdatest.com, test-manager.lambdatest.com, www.google.com, www.testmuai.com

Source & flagged code

7 flagged · loading source
dist/chunk-WGG5XURS.jsView file
3`),await se.rename(o,i)}async function er(e){try{let t=await vt(e);return t&&Array.isArray(t.executions)?t.executions:[]}catch{return[]}}async function tr(e,t,r=process.cwd()){let ... L4: `;cr(wt(e,"diagnostics.ndjson"),o)}catch{}}import{promises as $}from"fs";import{join as G}from"path";async function ar(e){try{let t=G(e,"tests"),r=await $.readdir(t).catch(()=>[]);... L5: `)){let s=/^@import\s+(\S+)\s*$/.exec(a.trim());if(!s)continue;let u=Ft(s[1])?s[1]:Lt($t(i),s[1]);ze(u)&&U(Z(u,"utf8"))?.id&&n(u)}t.push({path:i})};return n(e),t}function At(e,t){l...
High
Child Process

Package source references child process execution.

dist/chunk-WGG5XURS.jsView on unpkg · L3
dist/chunk-NFOBDHZK.jsView file
5|| (${a} === "string" && ${s} && ${s} == +${s} && !(${s} % 1))`).assign(o,(0,C._)`+${s}`);return;case"boolean":n.elseIf((0,C._)`${s} === "false" || ${s} === 0 || ${s} === null`).as... L6: || ${a} === "boolean" || ${s} === null`).assign(o,(0,C._)`[${s}]`)}}}function m_({gen:t,parentData:e,parentDataProperty:r},n){t.if((0,C._)`${e} !== undefined`,()=>t.assign((0,C._)`... L7: missingProperty: ${n},
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/chunk-NFOBDHZK.jsView on unpkg · L5
dist/chunk-WAGJLR5X.jsView file
1import { createRequire } from 'module'; const require = createRequire(import.meta.url); L2: import{a as Ge}from"./chunk-KHU7C6EE.js";import{a as je,b as Me}from"./chunk-NNZV5RCE.js";import{a as Ae,b as Te,c as Oe,f as Ie,g as Pe}from"./chunk-7DBQEOFL.js";import{a as Ce}fr...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-WAGJLR5X.jsView on unpkg · L1
dist/chunk-47RNFG2V.jsView file
1import { createRequire } from 'module'; const require = createRequire(import.meta.url); L2: import{a as da}from"./chunk-ZA67EBYF.js";import{a as zs,b as Vo,c as xn,d as Ys,e as vn,f as Ks,h as Js,i as Qs,j as Zs,k as ea,l as ta,m as St,n as ra,o as na,p as oa,q as bn,r as... L3: `;ig(i,{recursive:!0}),sg(a,f)}catch{}return a}var ke=k(M(),1);async function lg(e){let t=e?.getResolvedBasicAuth?.();if(t)return{username:t.username,access_key:t.access_key};let r... L4: `)}catch{}},[i]),et=(0,Z.useCallback)((X,Q)=>{let Y=Wl(Ce.current,Q.phase,X),G=typeof X?.status=="number"?X.status:void 0;Be(`${Q.phase}_error`,{errorCode:`${Q.phase}_failed`,statu... L5: `));return}if(zl(ae))return;et(ae,{phase:"upload"});return}finally{Ke.current=!1,Jt(!1),$e.current===ye&&($e.current=null)}if(!ye.signal.aborted){for(let ae of We.warnings)e.emitFe... L6: `));return}if(zl(ce))return;et(ce,{phase:"upload"});return}finally{Ke.current=!1,Jt(!1),$e.current===Y&&($e.current=null)}if(!Y.signal.aborted){for(let ce of G.warnings)e.emitFeedb... L7: `),pg(t,this.path)}catch(t){process.stderr.write(`[hints] Failed to save state: ${t instanceof Error?t.message:String(t)} ... L9: `),bg(o,r)}catch(n){process.stderr
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-47RNFG2V.jsView on unpkg · L1
dist/index.jsView file
14Expecting one of '${o.join("', '")}'`);return this._lifeCycleHooks[e]?this._lifeCycleHooks[e].push(t):this._lifeCycleHooks[e]=[t],this}exitOverride(e){return e?this._exitCallback=e... L15: - already used by option '${t.flags}'`)}this.options.push(e)}_registerCommand(e){let t=n=>[n.name()].concat(n.aliases()),o=t(e).find(n=>this._findCommand(n));if(o){let n=t(this._f... L16: - if '${e._name}' is not meant to be an executable command, remove description parameter from '.command()' and use '.description()' instead ... L25: `)}async function Yo(i,e,t){let o=Sn(i,e);ze().then(p=>{p&&Ce({type:"update_available",current:p.current,latest:p.latest,severity:p.severity})}).catch(()=>{}),Qe().then(p=>{p&&Ce({... L26: `),process.exit(2));let{runListTui:t,resolveCurrentOrgId:o}=await import("./testmd-actions-FMVUXZGX.js"),n=await o({});n.ok||process.exit(n.code),process.exit(await t(n.orgId))});u... L27: `),process.exit(2)),process.exit(await r(t,o))}),e.command("revert <seq>").description("Invert a record's effects via a compensation record \u2014 history is never rewritten").opti... ... L29: `)[0]}`)},signal:i.signal}}async function fr(i,e,t,o,n=ko){let r=he(i.relPath),s=Date.now();try{l
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L14
2Cross-file remote execution chain: dist/index.js spawns dist/chunk-HCBYKLMW.js; helper contains network access plus dynamic code execution. L2: import { createRequire } from 'module'; const require = createRequire(import.meta.url); L3: import{c as Qe}from"./chunk-7SUKUJO2.js";import{a as yn,b as Co,c as xo,d as Eo}from"./chunk-47RNFG2V.js";import"./chunk-ZA67EBYF.js";import"./chunk-R2K2SGGE.js";import{i as Ao}fro... L4: `).replace(/^/gm," ".repeat(r))}let c=[`Usage: ${t.commandUsage(e)}`,""],d=t.commandDescription(e);d.length>0&&(c=c.concat([t.wrap(d,n,0),""]));let h=t.visibleArguments(e).map(u=>a... ... L11: (Did you mean one of ${o.join(", ")}?)`:o.length===1?` L12: (Did you mean ${o[0]}?)`:""}Po.suggestSimilar=ei});var Fo=ye(No=>{"use strict";var ti=Te("events").EventEmitter,Rt=Te("child_process"),de=Te("path"),Ot=Te("fs"),j=Te("process"),{Ar... L13: - specify the name in Command constructor or using .name()`);return t=t||{},t.isDefault&&(this._defaultCommandName=e._name),(t.noHelp||t.hidden)&&(e._hidden=!0),this._registerComma... ... L24: `)}),this}_outputHelpIfRequested(e){let t=this._getHelpOption();t&&e.find(n=>t.is(n))&&(this.outputHelp(),this._exit(0,"commander.helpDispla…
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L2
dist/chunk-RFHMDQXZ.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @testmuai/kane-cli@0.4.10 matchedIdentity = npm:QHRlc3RtdWFpL2thbmUtY2xp:0.4.10 similarity = 0.363 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/chunk-RFHMDQXZ.jsView on unpkg

Findings

1 Critical4 High4 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/chunk-RFHMDQXZ.js
HighChild Processdist/chunk-WGG5XURS.js
HighSame File Env Network Executiondist/index.js
HighCross File Remote Execution Contextdist/index.js
HighObfuscated
MediumDynamic Requiredist/chunk-WAGJLR5X.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowEvaldist/chunk-NFOBDHZK.js
LowWeak Cryptodist/chunk-47RNFG2V.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings