registry  /  @aiscene/aiserver  /  1.9.3

@aiscene/aiserver@1.9.3

AI automation server with device management, task scheduling, and debug capabilities

AI Security Review

scanned 3d ago · by lpm-firewall-ai

The package exposes a user-invoked automation server that can poll remote tasks and execute supplied automation/code. This is powerful and includes a bundled model API key, but the behavior is visible and aligned with the package purpose.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
user runs `aiserver` or `node dist/index.js` and completes/has node authorization
Impact
Executes configured automation tasks, uses model credentials, stores node auth/SQLite data, uploads reports or capture files to configured callbacks.
Mechanism
remote task polling, forked worker execution, AsyncFunction code executor, report upload
Rationale
Source inspection shows no install-time/import-time malware, persistence, credential harvesting, or covert exfiltration, but the package intentionally provides remotely driven code/automation execution and ships a hardcoded model key. That unresolved dangerous capability warrants warning rather than a publish block.
Evidence
package.jsondist/.envdist/config/index.jsdist/task/poller.jsdist/task/scheduler.jsdist/executor/worker-entry.jsdist/executor/code-executor.jsdist/executor/cli-executor.jsdist/api/callback.jsdist/auth/node-auth.jsdata/aiserver-auth.jsondata/aiserver.dbtmp/captures/capture_task_<taskId>_<timestamp>.json
Network endpoints5
opentestai.jd.comopentest.jd.comclawai.jd.comnethp-test.jd.commodelservice.jdcloud.com/v1

Decision evidence

public snapshot
AI called this Suspicious at 84.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/.env and dist/config/index.js contain a hardcoded MIDSCENE_MODEL_API_KEY-like value and default JD/JDCloud endpoints.
  • dist/task/poller.js fetches tasks from configured server and dist/task/scheduler.js forks worker-entry.js to execute them.
  • dist/executor/code-executor.js and dist/executor/cli-executor.js execute task-provided JavaScript with AsyncFunction.
  • dist/api/callback.js uploads report/capture files to configured callbacks and may delete uploaded local reports.
Evidence against
  • package.json has no lifecycle install hooks; main/bin runs only when user invokes the server.
  • Node auth is browser/activation-gated and stored in data/aiserver-auth.json with mode 0600.
  • Remote task execution and report upload are package-aligned for an AI automation server, not hidden install/import behavior.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 73 file(s), 767 KB of source, external domains: 127.0.0.1, autobots-bk.jd.local, clawai.jd.com, modelservice.jdcloud.com, nethp-test.jd.com, opentest.jd.com, opentestai.jd.com, proxy-pc.jd.com, ssa.jd.com, storage.jd.com

Source & flagged code

2 flagged · loading source
dist/.envView file
32patternName = blocked_file severity = critical matchedText = dist/.env redactedSecretContext = secretLikeLines = 4 L32: OPENAI_API_KEY=<redacted:0 empty> L47: MIDSCENE_MODEL_API_KEY=<redacted:39 token-like> L48: MIDSCENE_MODEL_NAME=<redacted:29 token-like> L49: MIDSCENE_MODEL_FAMILY=<redacted:22 token-like>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/.envView on unpkg · L32
dist/task/scheduler.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @aiscene/aiserver@1.8.9 matchedIdentity = npm:QGFpc2NlbmUvYWlzZXJ2ZXI:1.8.9 similarity = 0.844 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/task/scheduler.jsView on unpkg

Findings

1 Critical1 High2 Medium4 Low
CriticalCritical Secretdist/.env
HighPrevious Version Dangerous Deltadist/task/scheduler.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings