registry  /  kevlar-4u  /  1.6.15

kevlar-4u@1.6.15

Local-first MCP content review server — simulates reader reactions before publishing. 100% offline, no telemetry, AGPL-3.0 open source.

AI Security Review

scanned 5h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs kevlar-4u CLI, npx kevlar-4u --auto, or npm run setup; runtime tools may check updates or submit error reports.
Impact
AI clients may load the kevlar-4u MCP server after user setup; no confirmed malicious exfiltration or unconsented install-time persistence.
Mechanism
explicit first-party MCP server registration and optional package-aligned network calls
Rationale
Static source inspection confirms explicit AI-client MCP configuration writes, but no unconsented npm lifecycle mutation, credential harvesting, destructive behavior, or remote payload execution. Warn rather than block because the agent control-surface mutation is real but user-invoked and package-aligned.
Evidence
package.jsonscripts/cli.tsscripts/registry.tsscripts/setup.tsdist/index.jsdist/server.jsdist/tools/reportErrorTool.jsdist/tools/checkUpdateTool.jsdist/utils/saasClient.jsdist/execution/config.js~/.kevlar-lang~/.codex/config.toml~/.cursor/mcp.json~/Library/Application Support/Claude/claude_desktop_config.json~/.claude/claude_desktop_config.json~/.codeium/windsurf/mcp_config.json~/.config/opencode/opencode.json~/.gemini/antigravity/mcp_config.json~/.codebuddy/mcp.json~/.workbuddy/mcp.jsonskills/kevlar-config.jsonskills/tmp/*
Network endpoints4
kevlar4u.xyz/api/v1/error-reportkevlar4u.xyz/api/v1/versionkevlar4u.xyz/api/v1/subscription-promptsgithub.com/ChurzeXo/kevlar-4u/issues/new

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • scripts/cli.ts --auto and interactive CLI write MCP entries into Claude/Cursor/Windsurf/OpenCode/Codex/Antigravity/CodeBuddy/WorkBuddy configs.
  • scripts/registry.ts targets broad AI-agent config paths including ~/.codex/config.toml, ~/.cursor/mcp.json, and Claude Desktop configs.
  • scripts/setup.ts is a zero-config installer that can inject Claude MCP config, but it is not wired to package.json install hooks.
  • dist/tools/reportErrorTool.js can POST user-approved error reports to https://kevlar4u.xyz/api/v1/error-report.
Evidence against
  • package.json has no preinstall/install/postinstall hook; only prepublishOnly blocks local publishing.
  • MCP config mutation is activated by explicit CLI commands (--auto or interactive prompt), not automatic npm install.
  • CLI writes a first-party kevlar-4u MCP server entry and makes backups/idempotency checks; no foreign agent rules are overwritten wholesale.
  • dist/index.js starts an MCP stdio server; import-time behavior is server setup, not harvesting or exfiltration.
  • Network use is package-aligned update/error/pro sync behavior; no credential/file harvesting loop found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
CopyleftLicense
scanned 90 file(s), 877 KB of source, external domains: github.com, kevlar4u.xyz

Source & flagged code

2 flagged · loading source
dist/scripts/cli.jsView file
331const PRO_PKG = "@kevlar/pro-runtime"; L332: _proCli = import(PRO_PKG).catch(() => null); L333: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/scripts/cli.jsView on unpkg · L331
scripts/kevlar-proxy.shView file
path = scripts/kevlar-proxy.sh kind = build_helper sizeBytes = 1475 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/kevlar-proxy.shView on unpkg

Findings

5 Medium6 Low
MediumDynamic Requiredist/scripts/cli.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/kevlar-proxy.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowCopyleft License