registry  /  keen-code  /  0.29.0

keen-code@0.29.0

CLI coding agent powered by AI (npm compatibility wrapper)

AI Security Review

scanned 3d ago · by lpm-firewall-ai

Install-time code fetches a remote platform binary, verifies it only against a checksum retrieved from the same remote release, and installs it under this package. The CLI later executes that binary.

Static reason
One or more suspicious static signals were detected.
Trigger
`npm install keen-code@0.29.0`, followed by `keen` execution
Impact
A compromised or substituted release payload can run with the privileges of the user invoking `keen`.
Mechanism
install-time remote native payload download and CLI execution
Rationale
This is a transparent compatibility wrapper, but its postinstall path installs executable code fetched at install time with checksum material from the same remote trust boundary. That creates unresolved supply-chain execution risk without evidence of a concrete malicious objective.
Evidence
package.jsonpostinstall.jsbin/keen.jsREADME.mdbin/keen/keen_<version>_<platform>_<arch>.tar.gz|zip
Network endpoints1
github.com/mochow13/keen-code/releases/download/v0.29.0

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `node postinstall.js` during npm install.
  • `postinstall.js` downloads a platform-native archive from the GitHub release URL.
  • The downloaded checksum is fetched from the same release location, not embedded or independently authenticated.
  • `postinstall.js` extracts and chmods the downloaded `bin/keen` executable.
  • `bin/keen.js` executes that downloaded binary with user-supplied CLI arguments.
Evidence against
  • No source reads environment variables, credentials, home directories, or project files.
  • No source sends local data to a network endpoint.
  • No `eval`, dynamic module loading, shell interpolation of user arguments, or AI-agent config writes were found.
  • Extraction is constrained to the package `bin` directory and temporary archive is removed.
Behavioral surface
Source
ChildProcessCryptoFilesystemNetwork
Supply chain
UrlStrings
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 3.97 KB of source, external domains: github.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium3 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
LowScripts Present
LowFilesystem
LowUrl Strings