registry  /  hyve-system  /  2026.7.1

hyve-system@2026.7.1

CLI do HYVE System — instala, autentica e mantém o framework atualizado

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a HYVE CLI that authenticates users, downloads signed/hashed framework releases, installs or updates a chosen System directory, and creates tool skill bridges as part of that explicit workflow.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs hyve-system login/init/update/station/clean.
Impact
Can write/update the selected System directory and local HYVE CLI config/session files; no unconsented install-time execution or exfiltration found.
Mechanism
User-invoked authenticated framework installer/updater with fixed git/npm/tar/browser commands
Rationale
Source inspection shows risky primitives, but they are package-aligned and activated by explicit CLI commands for authentication, installation, update, or local station startup. I found no lifecycle execution, hidden credential harvesting, destructive behavior, or unconsented AI-agent control-surface mutation.
Evidence
package.jsondist/index.jsdist/framework-sync.jsdist/lab-client.jsdist/commands/login.jsdist/commands/init.jsdist/commands/update.jsdist/skill-bridges.jsdist/auth-store.jsdist/commands/clean.js~/.hyve/auth.json~/.hyve/config.json<targetDir>/.hyve/receipt.json<targetDir>/.hyve-backup/<version>/<targetDir>/.claude/skills/<targetDir>/.agents/skills/<targetDir>/station/.next/cache
Network endpoints3
lab.hyve.companyvobsudkxawzktwgilbae.supabase.corelease.download_url from /api/releases/latest

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/framework-sync.js downloads release tarballs from Lab and extracts with execFile('tar').
  • dist/commands/init.js and dist/commands/update.js run git/npm and modify a target project after explicit CLI commands.
  • dist/skill-bridges.js creates .claude/skills and .agents/skills bridges from downloaded framework content.
Evidence against
  • package.json has no install/postinstall/prepare hook; prepublishOnly only runs build before publishing.
  • dist/index.js only registers commander subcommands; no import-time harvesting or hidden execution found.
  • Network calls are aligned with login/licensing/release update flow: lab.hyve.company and Supabase auth.
  • dist/lab-client.js embeds a Supabase anon key with role anon, not a service credential.
  • dist/auth-store.js stores only the CLI's own OAuth session in ~/.hyve/auth.json with mode 0600.
  • Shell execution uses execFile/spawn with fixed commands and is activated by user-run commands, not install time.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 76.1 KB of source, external domains: lab.hyve.company, vobsudkxawzktwgilbae.supabase.co

Source & flagged code

6 flagged · loading source
dist/lab-client.jsView file
23patternName = supabase_service_key severity = critical line = 23 matchedText = const LA...ima)
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/lab-client.jsView on unpkg · L23
23patternName = supabase_service_key severity = critical line = 23 matchedText = const LA...ima)
Critical
Secret Pattern

Supabase service role key (JWT) in dist/lab-client.js

dist/lab-client.jsView on unpkg · L23
dist/framework-sync.jsView file
matchType = previous_version_dangerous_delta matchedPackage = hyve-system@0.8.9 matchedIdentity = npm:aHl2ZS1zeXN0ZW0:0.8.9 similarity = 0.733 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/framework-sync.jsView on unpkg
1import { execFile } from 'node:child_process'; L2: import { promisify } from 'node:util';
High
Child Process

Package source references child process execution.

dist/framework-sync.jsView on unpkg · L1
1import { execFile } from 'node:child_process'; L2: import { promisify } from 'node:util'; ... L13: */ L14: export const API_BASE = process.env.HYVE_LAB_API_URL ?? 'https://lab.hyve.company'; L15: /**
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/framework-sync.jsView on unpkg · L1
dist/commands/login.jsView file
1import { spawn } from 'node:child_process'; L2: import { getLabClient } from '../lab-client.js'; ... L5: /** Base do app Next do Lab (endpoints /api/device/*). Override pra testar local. */ L6: const API_BASE = process.env.HYVE_LAB_API_URL ?? 'https://lab.hyve.company'; L7: /** Único caminho de login: device authorization flow (autoriza pelo navegador). */ ... L11: function openBrowser(url) { L12: const platform = process.platform; L13: const cmd = platform === 'darwin' ? 'open' : platform === 'win32' ? 'cmd' : 'xdg-open'; ... L32: sp.error(`O Lab respondeu ${res.status}. Tente de novo em instantes.`); L33: process.exitCode = 1; L34: return; L35: }
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/commands/login.jsView on unpkg · L1

Findings

3 Critical4 High3 Medium5 Low
CriticalCritical Secretdist/lab-client.js
CriticalPrevious Version Dangerous Deltadist/framework-sync.js
CriticalSecret Patterndist/lab-client.js
HighChild Processdist/framework-sync.js
HighShell
HighSame File Env Network Executiondist/framework-sync.js
HighSandbox Evasion Gated Capabilitydist/commands/login.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings