registry  /  codeseek  /  0.1.29

codeseek@0.1.29

Code intelligence CLI for Claude Code — AST call graph analysis and hybrid semantic search (Dense + Sparse + RRF + Cross-Encoder Reranker) across 7 languages. Ships as MCP tools for Claude Code & Codex CLI.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No confirmed malicious install-time attack surface is established. Residual risk is user-invoked execution of an unverified first-party native binary downloaded from GitHub Releases, plus explicit CLI-managed MCP/git hook setup described in docs.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs the codeseek CLI after installation.
Impact
Remote native binary gains normal CLI process privileges and receives inherited environment; token is stored locally for embedding APIs.
Mechanism
download-and-execute native CLI wrapper
Rationale
Static inspection does not support a malicious verdict because the flagged install hook does not download, execute payloads, or mutate AI-agent config at install time. The unverified runtime native binary and documented agent-extension setup are real but package-aligned, user-invoked lifecycle risk, so warn rather than block.
Evidence
package.jsondist/install/download.jsdist/bin/codeseek.jsREADME.md~/.codeseek/config.json~/.codeseek/bin/codeseek~/.codeseek/bin/codeseek.exe~/.claude.json./.mcp.json~/.codex/config.toml
Network endpoints7
github.com/CodeBendKit/codeseek/releases/download/v0.1.29/codeseek-darwin-arm64github.com/CodeBendKit/codeseek/releases/download/v0.1.29/codeseek-darwin-x64github.com/CodeBendKit/codeseek/releases/download/v0.1.29/codeseek-linux-x64github.com/CodeBendKit/codeseek/releases/download/v0.1.29/codeseek-win32-x64.exeapi.siliconflow.cn/v1cloud.siliconflow.cn/account/akplatform.openai.com/api-keys

Decision evidence

public snapshot
AI called this Suspicious at 83.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/bin/codeseek.js downloads a GitHub Release binary to ~/.codeseek/bin on first CLI run and executes it via spawnSync.
  • dist/install/download.js fetches platform binaries over HTTPS without checksum/signature verification.
  • dist/bin/codeseek.js prompts for an API token and writes it to ~/.codeseek/config.json.
  • README.md documents explicit user commands that register MCP config for Claude Code/Codex and install git hooks.
Evidence against
  • package.json postinstall only requires dist/install/download.js; that module exports downloadBinary and has no top-level download or execution.
  • No install-time mutation of Claude/Codex config or git hooks found in shipped JS.
  • No JS evidence of credential exfiltration, destructive behavior, eval/vm/Function, or persistence.
  • Network endpoints are aligned with documented binary download and user-configured embedding providers.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 13.0 KB of source, external domains: api.siliconflow.cn, cloud.siliconflow.cn, github.com, platform.openai.com, siliconflow.cn

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node -e "var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)" || true
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node -e "var f='dist/install/download.js';require('fs').existsSync(f)&&require('./'+f)" || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg

Findings

1 Critical1 High3 Medium5 Low
CriticalRed Install Lifecycle Scriptpackage.json
HighInstall Time Lifecycle Scriptspackage.json
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings