registry  /  @baishuyun/ai-office  /  1.1.1

@baishuyun/ai-office@1.1.1

Baishuyunw AI 办公模式

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Runtime network behavior is package-aligned for an AI office UI and targets host application supplied endpoints.

Static reason
One or more suspicious static signals were detected.
Trigger
User imports/renders AIOffice UI and interacts with chat, attachment upload/download, bot listing, or voice input.
Impact
No source-backed exfiltration or unauthorized code execution identified.
Mechanism
React UI SDK with user-configured backend calls
Rationale
Static inspection shows a React AI-office UI package whose network activity is driven by consumer-provided endpoints and user actions. Suspicious scanner signals map to normal fetch/WebSocket usage and embedded image data, with no concrete attack behavior.
Evidence
package.jsonsrc/index.tssrc/app/components/ai-office/index.tsxsrc/app/hooks/useChatTransport.tssrc/app/service/fetch-bots.tssrc/lib/utils.tssrc/app/hooks/use-event-msg-submit.tssrc/app/hooks/use-voice-input.tsscripts/validate-build.jssrc/const/ui.ts

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks; build scripts are developer-invoked only.
    • Entrypoints export React/UI code: src/index.ts exports AIOffice components and package exports point to dist bundles.
    • Network calls use caller-provided apiEndpoint/uploadEndpoint/url values for chat, bot listing, attachments, and ASR WebSocket.
    • No child_process, eval/new Function, filesystem writes, credential harvesting, persistence, or destructive behavior found in src or build script.
    • Scanner secret hit is embedded data:image PNG constants in src/const/ui.ts, not a credential.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 252 file(s), 4.99 MB of source, external domains: github.com, jedwatson.github.io, json-schema.org, radix-ui.com, tailwindcss.com, www.w3.org

    Source & flagged code

    3 flagged · loading source
    dist/index-CqY_kigV.jsView file
    2923patternName = generic_password severity = medium line = 2923 matchedText = password...4;",
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index-CqY_kigV.jsView on unpkg · L2923
    dist/sdk.jsView file
    2920patternName = generic_password severity = medium line = 2920 matchedText = password...4;",
    Medium
    Secret Pattern

    Hardcoded password in dist/sdk.js

    dist/sdk.jsView on unpkg · L2920
    dist/ai-office.umd.cjsView file
    5patternName = generic_password severity = medium line = 5 matchedText = url(data..."),`
    Medium
    Secret Pattern

    Hardcoded password in dist/ai-office.umd.cjs

    dist/ai-office.umd.cjsView on unpkg · L5

    Findings

    5 Medium4 Low
    MediumSecret Patterndist/index-CqY_kigV.js
    MediumNetwork
    MediumEnvironment Vars
    MediumSecret Patterndist/sdk.js
    MediumSecret Patterndist/ai-office.umd.cjs
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings