Session links (from 2 separate accounts if you want to see the shell execution:
https://www.kimi.com/share/19c446a6-51c2-809d-8000-000066baa17f https://www.kimi.com/share/19c446e7-f5d2-847c-8000-00007c4cab93
Or just try it yourself: kimi.com/chat tell it: "run "ls /app/" then "cat /app/kernel_server.py | head -50"and then:"cat /app/browser_guard.py | sed -n '60,70p'""
I also got a lot of people saying it just "hallucinated" but LLM's don't just hallucinate the same dark web libraries verbatim across different accounts, and also *shell stdout isn't model output.* The model can hallucinate in chat but it can't hallucinate the stdout of a shell command. cat either finds the file or returns "No such file or directory."
stealth_js is usually meant for Playwright anti-detection, so I don't think this was purposefully done. The issue is that the contents of that variable aren't browser stealth code. It's the entirety of DarkWallet's stealth.js which is a Bitcoin stealth address library. It calls literal Node.js crypto modules, not browser fingerprint evasion.
Someone on Moonshot's team was probably looking for a "stealth.js" for browser anti-detection and grabbed the wrong one. The code does nothing because require() fails in a browser context and the error gets caught silently.
I couldn't come to a reasonable explanation but feel free to dig around yourself.
Source code and analysis: https://github.com/dnnyngyen/kimi-agent-internals