registry  /  @baishuyun/ai-office  /  1.2.2

@baishuyun/ai-office@1.2.2

Baishuyunw AI 办公模式

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a browser React AI-office UI/plugin SDK with user-invoked chat, attachment upload/download, and voice input features.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Runtime initialization via AIOffice.init with caller-provided apiEndpoint and user interactions.
Impact
Expected chat/office functionality; no source evidence of unconsented execution, persistence, or exfiltration.
Mechanism
User-configured browser API calls and plugin UI registration.
Rationale
Static inspection shows package-aligned browser networking and plugin lifecycle behavior, with no install-time execution or concrete malicious source behavior. Scanner hits are explained by expected fetch/WebSocket APIs, build-time process.env checks, and embedded image base64.
Evidence
package.jsonsrc/index.tssrc/sdk.tssrc/app/hooks/useChatTransport.tssrc/app/service/fetch-bots.tssrc/app/hooks/use-voice-input.tssrc/lib/utils.tsscripts/validate-build.jsvite.config.tssrc/const/ui.ts
Network endpoints4
${apiEndpoint}/common/connect${apiEndpoint}/agent/all-bots${apiEndpoint}/form/attachment/upload${apiEndpoint as ws/wss}/asr

Decision evidence

public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle scripts.
    • Entrypoints src/index.ts and src/sdk.ts only export React UI/SDK APIs.
    • Network use is runtime and user-configured: apiEndpoint /common/connect, /agent/all-bots, /form/attachment/upload, and ASR WebSocket.
    • src/lib/utils.ts download/upload helpers act on caller-provided URLs/endpoints for attachments.
    • No child_process, eval/new Function, credential harvesting, cookie/localStorage access, or filesystem writes found in src.
    • Dist secret-looking base64 is embedded UI image data mirrored from src/const/ui.ts.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 253 file(s), 4.99 MB of source, external domains: github.com, jedwatson.github.io, json-schema.org, radix-ui.com, tailwindcss.com, www.w3.org

    Source & flagged code

    4 flagged · loading source
    dist/index-DqEXX9PD.jsView file
    2923patternName = generic_password severity = medium line = 2923 matchedText = password...4;",
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index-DqEXX9PD.jsView on unpkg · L2923
    src/lib/utils.tsView file
    matchType = previous_version_dangerous_delta matchedPackage = @baishuyun/ai-office@1.1.2 matchedIdentity = npm:QGJhaXNodXl1bi9haS1vZmZpY2U:1.1.2 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    src/lib/utils.tsView on unpkg
    dist/sdk.jsView file
    2920patternName = generic_password severity = medium line = 2920 matchedText = password...4;",
    Medium
    Secret Pattern

    Hardcoded password in dist/sdk.js

    dist/sdk.jsView on unpkg · L2920
    dist/ai-office.umd.cjsView file
    5patternName = generic_password severity = medium line = 5 matchedText = url(data..."),`
    Medium
    Secret Pattern

    Hardcoded password in dist/ai-office.umd.cjs

    dist/ai-office.umd.cjsView on unpkg · L5

    Findings

    1 High5 Medium4 Low
    HighPrevious Version Dangerous Deltasrc/lib/utils.ts
    MediumSecret Patterndist/index-DqEXX9PD.js
    MediumNetwork
    MediumEnvironment Vars
    MediumSecret Patterndist/sdk.js
    MediumSecret Patterndist/ai-office.umd.cjs
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings