registry  /  mewkit  /  1.14.1

mewkit@1.14.1

MeowKit CLI — scaffold, upgrade, and manage your AI agent toolkit

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The CLI can write project or opt-in global agent-tool configuration only through explicit `mewkit migrate`/setup actions, with migration confirmation. Upgrade networking is limited to the package's GitHub release API and selected release asset.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `mewkit upgrade`, `mewkit migrate`, setup, or memory-validation subcommands.
Impact
User-selected toolkit files, migration wrappers, and optional release updates may be written; no install-time execution, credential harvesting, or covert exfiltration was found.
Mechanism
Explicit CLI-managed upgrade, migration, validation, and project configuration writes.
Rationale
Direct inspection found a user-invoked AI-toolkit CLI, not install-time or covert attack behavior. Network, shell, dynamic-require, and agent-config primitives are scoped to explicit commands and package-aligned functionality.
Evidence
package.jsondist/index.jsdist/commands/upgrade.jsdist/core/github-releases.jsdist/migrate/migrate-orchestrator.jsdist/migrate/portable-installer.jsdist/migrate/hooks/codex-hook-wrapper.jsdist/memory/validate.js.claude/~/.codex/
Network endpoints1
api.github.com/repos/ngocsangyem/MeowKit/releases

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has no preinstall/install/postinstall hook; only publisher-side `prepublishOnly`.
    • `dist/index.js` executes only after the user invokes the `mewkit` binary and dispatches explicit subcommands.
    • `dist/commands/upgrade.js` uses `dist/core/github-releases.js` only for an explicit upgrade/check request.
    • `dist/migrate/migrate-orchestrator.js` supports dry-run and requires `--yes`, non-TTY execution, or interactive confirmation before planned writes.
    • `dist/migrate/hooks/codex-hook-wrapper.js` creates wrappers only during explicit migration and runs the selected existing hook.
    • `dist/memory/validate.js` dynamically loads a project-local validator only during memory validation; it does not fetch or drop a payload.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsMinifiedObfuscatedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 328 file(s), 1.46 MB of source, external domains: 127.0.0.1, aistudio.google.com, ampcode.com, anthropic.com, api.github.com, block.github.io, brew.sh, codelabs.developers.google.com, developers.openai.com, docs.all-hands.dev, docs.anthropic.com, docs.cline.bot, docs.cursor.com, docs.factory.ai, docs.flutter.dev, docs.github.com, docs.openhands.dev, docs.roocode.com, docs.windsurf.com, evil.example.com, export.arxiv.org, ffmpeg.org, github.com, imagemagick.org, kilocode.ai, kiro.dev, meowkit.dev, opencode.ai, openrouter.ai, platform.minimax.io, playwright.dev, react.dev, www.w3.org

    Source & flagged code

    3 flagged · loading source
    dist/memory/validate.jsView file
    4import { CURATED_STORES } from "./schemas.js"; L5: const require = createRequire(import.meta.url); L6: // Load the real validate-content.cjs (DRY — never reimplement the injection
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/memory/validate.jsView on unpkg · L4
    dist/orchviz-web/fira-code-greek-500-normal.woff2View file
    path = dist/orchviz-web/fira-code-greek-500-normal.woff2 kind = high_entropy_blob sizeBytes = 7816 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    dist/orchviz-web/fira-code-greek-500-normal.woff2View on unpkg
    dist/migrate/providers/codex/capabilities.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = mewkit@1.14.0 matchedIdentity = npm:bWV3a2l0:1.14.0 similarity = 0.883 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/migrate/providers/codex/capabilities.jsView on unpkg

    Findings

    2 High4 Medium6 Low
    HighShips High Entropy Blobdist/orchviz-web/fira-code-greek-500-normal.woff2
    HighPrevious Version Dangerous Deltadist/migrate/providers/codex/capabilities.js
    MediumDynamic Requiredist/memory/validate.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowUrl Strings