registry  /  mewkit  /  1.15.0

mewkit@1.15.0

MeowKit CLI — scaffold, upgrade, and manage your AI agent toolkit

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `mewkit migrate codex` (including optional `--global`/`--yes`).
Impact
Changes an AI-agent control surface and can propagate project-selected hook execution.
Mechanism
Explicit agent-config migration and hook-wrapper installation.
Rationale
No concrete install-time or stealthy malicious behavior was found. Its explicit agent-control-surface mutation and hook execution capability merit a warning under the firewall policy.
Evidence
package.jsondist/commands/migrate.jsdist/migrate/hooks/codex-hook-wrapper.jsdist/migrate/hooks/codex-shell-env-installer.jsdist/core/github-releases.jsdist/memory/validate.js.codex/config.toml.codex/hooks.claude/hooks/lib/validate-content.cjs
Network endpoints1
api.github.com/repos/ngocsangyem/MeowKit/releases

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `mewkit migrate` explicitly invokes migration orchestration.
  • Migration writes `.codex/config.toml` and hook wrappers.
  • Generated Codex wrappers can spawn copied project hook scripts.
  • `upgrade` fetches GitHub releases and downloads ZIP assets.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • CLI dispatch requires an explicit user command for migrate/upgrade.
  • No source evidence of credential harvesting or secret exfiltration.
  • Dynamic validator load targets a project-owned `.claude` validator during memory operations.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 328 file(s), 1.54 MB of source, external domains: 127.0.0.1, aistudio.google.com, ampcode.com, anthropic.com, api.github.com, block.github.io, brew.sh, codelabs.developers.google.com, developers.openai.com, docs.all-hands.dev, docs.anthropic.com, docs.cline.bot, docs.cursor.com, docs.factory.ai, docs.flutter.dev, docs.github.com, docs.openhands.dev, docs.roocode.com, docs.windsurf.com, evil.example.com, export.arxiv.org, ffmpeg.org, github.com, imagemagick.org, kilocode.ai, kiro.dev, meowkit.dev, opencode.ai, openrouter.ai, platform.minimax.io, playwright.dev, react.dev, www.w3.org

Source & flagged code

2 flagged · loading source
dist/memory/validate.jsView file
4import { CURATED_STORES } from "./schemas.js"; L5: const require = createRequire(import.meta.url); L6: // Load the real validate-content.cjs (DRY — never reimplement the injection
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/memory/validate.jsView on unpkg · L4
dist/orchviz-web/fira-code-greek-500-normal.woff2View file
path = dist/orchviz-web/fira-code-greek-500-normal.woff2 kind = high_entropy_blob sizeBytes = 7816 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/orchviz-web/fira-code-greek-500-normal.woff2View on unpkg

Findings

1 High4 Medium6 Low
HighShips High Entropy Blobdist/orchviz-web/fira-code-greek-500-normal.woff2
MediumDynamic Requiredist/memory/validate.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings