registry  /  codeseek  /  0.1.26

codeseek@0.1.26

Code intelligence CLI for Claude Code — AST call graph analysis and hybrid semantic search (Dense + Sparse + RRF + Cross-Encoder Reranker) across 7 languages. Ships as MCP tools for Claude Code & Codex CLI.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

The package is a JS wrapper that can fetch and execute a native CodeSeek binary from GitHub on first CLI run. The fetched executable is not included in this npm tarball and is not integrity-verified by the wrapper, leaving unresolved staged-payload risk but no confirmed malicious JS behavior.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the codeseek CLI after installation and ~/.codeseek/bin/codeseek is absent.
Impact
Downloaded binary runs with inherited environment; behavior of that external payload is not inspectable from this package source.
Mechanism
unverified runtime native binary download and execution
Attack narrative
On first CLI use, dist/bin/codeseek.js prompts for configuration, then downloads a platform-specific executable from GitHub Releases into ~/.codeseek/bin, chmods it, and executes it via spawnSync with process.env. The wrapper does not pin or verify a digest/signature, so the npm package acts as a carrier/loader for external native code, though the inspected JavaScript does not itself steal data or mutate agent configuration.
Rationale
Static inspection did not confirm malicious behavior in the shipped JavaScript, and the postinstall hook is inert because it only imports a module exporting downloadBinary. The unresolved risk is the unverified native binary downloaded and executed at user-invoked runtime, so warn rather than block.
Evidence
package.jsondist/install/download.jsdist/bin/codeseek.jsREADME.md~/.codeseek/config.json~/.codeseek/bin/codeseek~/.codeseek/bin/codeseek.exe
Network endpoints6
github.com/CodeBendKit/codeseek/releases/download/v0.1.26/codeseek-<platform>api.siliconflow.cn/v1cloud.siliconflow.cn/account/akplatform.openai.com/api-keyssiliconflow.cnplatform.openai.com

Decision evidence

public snapshot
AI called this Suspicious at 78.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/install/download.js builds GitHub Releases URL and downloads a platform executable without checksum/signature verification.
  • dist/bin/codeseek.js downloads missing ~/.codeseek/bin/codeseek, chmods it, then spawnSync executes it with inherited env.
  • package.json postinstall requires dist/install/download.js, but that module only exports downloadBinary and does not call it at install time.
  • README.md documents MCP/Codex/Claude integration and git-hook commands implemented by the downloaded native binary, not visible in this package source.
Evidence against
  • No install-time payload execution confirmed from inspected JS; postinstall import is inert aside from module initialization.
  • No credential harvesting or exfiltration logic found in package JS; API token is user-prompted and written to local config.
  • Network use is package-aligned: GitHub release binary download and user-configured embedding API endpoints.
  • No obfuscation, eval, persistence, destructive behavior, or AI-agent config writes found in shipped JS files.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 13.0 KB of source, external domains: api.siliconflow.cn, cloud.siliconflow.cn, github.com, platform.openai.com, siliconflow.cn

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)" || true
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)" || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 Critical1 High3 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings