registry  /  @baishuyun/ai-office  /  1.1.2

@baishuyun/ai-office@1.1.2

Baishuyunw AI 办公模式

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface. Network use is runtime, user-invoked, and aligned with an AI office/chat UI SDK using caller-provided endpoints.

Static reason
One or more suspicious static signals were detected.
Trigger
Application imports and renders the AI office UI or invokes chat, upload, bot fetch, or voice input features.
Impact
Expected runtime communication with integrator-configured services; no credential harvesting, persistence, destructive behavior, or install-time execution found.
Mechanism
React AI office SDK with chat transport, bot manifest fetch, attachment upload/download, and ASR WebSocket.
Rationale
Static source inspection shows a browser React SDK whose network primitives are package-aligned and depend on endpoints supplied by the host application. Scanner hits for fetch, process.env, data:image, and password strings map to build config, UI assets, form labels, or user-invoked runtime features rather than malware behavior.
Evidence
package.jsonsrc/index.tssrc/app/hooks/useChatTransport.tssrc/app/service/fetch-bots.tssrc/app/utils/attachments.tssrc/app/hooks/use-voice-input.tssrc/core/plugin-system/PluginManager.ts
Network endpoints5
${apiEndpoint}/common/connect${apiEndpoint}/agent/all-botsuploadEndpointdownloadFile(url)asrEndpoint

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle scripts.
    • src/index.ts only exports app/plugin SDK APIs.
    • src/app/hooks/useChatTransport.ts sends chat traffic to caller-provided api/common/connect.
    • src/app/service/fetch-bots.ts fetches caller-provided apiEndpoint/agent/all-bots with caller-provided headers.
    • src/app/hooks/use-voice-input.ts opens a WebSocket only to caller-provided ASR endpoint after user microphone permission.
    • src/core/plugin-system/PluginManager.ts dynamic imports are constrained to Vite globbed built-in plugins.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 252 file(s), 4.99 MB of source, external domains: github.com, jedwatson.github.io, json-schema.org, radix-ui.com, tailwindcss.com, www.w3.org

    Source & flagged code

    3 flagged · loading source
    dist/index-BTCjqYfE.jsView file
    2923patternName = generic_password severity = medium line = 2923 matchedText = password...4;",
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index-BTCjqYfE.jsView on unpkg · L2923
    dist/sdk.jsView file
    2920patternName = generic_password severity = medium line = 2920 matchedText = password...4;",
    Medium
    Secret Pattern

    Hardcoded password in dist/sdk.js

    dist/sdk.jsView on unpkg · L2920
    dist/ai-office.umd.cjsView file
    5patternName = generic_password severity = medium line = 5 matchedText = url(data..."),`
    Medium
    Secret Pattern

    Hardcoded password in dist/ai-office.umd.cjs

    dist/ai-office.umd.cjsView on unpkg · L5

    Findings

    5 Medium4 Low
    MediumSecret Patterndist/index-BTCjqYfE.js
    MediumNetwork
    MediumEnvironment Vars
    MediumSecret Patterndist/sdk.js
    MediumSecret Patterndist/ai-office.umd.cjs
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings