registry  /  @baishuyun/ai-office  /  1.2.4

@baishuyun/ai-office@1.2.4

Baishuyunw AI 办公模式

AI Security Review

scanned 8d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Network use is browser runtime functionality tied to caller-provided AI office API, chat, attachment, and voice endpoints.

Static reason
One or more suspicious static signals were detected.
Trigger
User imports/renders the AI Office React component or uses its browser UI features.
Impact
No unauthorized install-time execution, persistence, exfiltration, or filesystem/control-surface mutation identified.
Mechanism
browser UI SDK with in-memory plugin registration and caller-configured network requests
Rationale
Static inspection shows a React/browser AI office UI package whose suspicious primitives are package-aligned runtime networking and in-memory plugin loading. There are no lifecycle hooks, foreign AI-agent config writes, credential collection, shell execution, or concrete exfiltration behavior.
Evidence
package.jsonsrc/app/service/fetch-bots.tssrc/app/hooks/useChatTransport.tssrc/lib/utils.tssrc/app/utils/attachments.tssrc/core/plugin-system/PluginManager.tssrc/plugins/index.tssrc/app/hooks/use-voice-input.ts

Decision evidence

public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no npm lifecycle scripts and exports built dist/browser SDK files.
    • src/app/service/fetch-bots.ts fetches only from caller-supplied apiEndpoint for agent manifest.
    • src/app/hooks/useChatTransport.ts connects chat to caller-supplied apiEndpoint/common/connect.
    • src/lib/utils.ts and src/app/utils/attachments.ts download/upload user-provided attachments via browser fetch only.
    • src/core/plugin-system/PluginManager.ts installs package/app plugins in memory via Vite import.meta.glob, not filesystem or foreign agent config writes.
    • No child_process, shell execution, eval/Function, credential harvesting, persistence, or AI-agent control-surface mutation found.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
    Supply chain
    HighEntropyStringsMinifiedUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 253 file(s), 4.99 MB of source, external domains: github.com, jedwatson.github.io, json-schema.org, radix-ui.com, tailwindcss.com, www.w3.org

    Source & flagged code

    3 flagged · loading source
    dist/index-D0oAxdHR.jsView file
    2923patternName = generic_password severity = medium line = 2923 matchedText = password...4;",
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index-D0oAxdHR.jsView on unpkg · L2923
    dist/sdk.jsView file
    2920patternName = generic_password severity = medium line = 2920 matchedText = password...4;",
    Medium
    Secret Pattern

    Hardcoded password in dist/sdk.js

    dist/sdk.jsView on unpkg · L2920
    dist/ai-office.umd.cjsView file
    5patternName = generic_password severity = medium line = 5 matchedText = url(data..."),`
    Medium
    Secret Pattern

    Hardcoded password in dist/ai-office.umd.cjs

    dist/ai-office.umd.cjsView on unpkg · L5

    Findings

    5 Medium4 Low
    MediumSecret Patterndist/index-D0oAxdHR.js
    MediumNetwork
    MediumEnvironment Vars
    MediumSecret Patterndist/sdk.js
    MediumSecret Patterndist/ai-office.umd.cjs
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings