registry  /  @bolloon/bolloon-agent  /  0.2.12

@bolloon/bolloon-agent@0.2.12

⚠ Under review

P2P AI Document Agent - 全局安装后执行 `bolloon` 启动产品

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 93.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 319 file(s), 1.99 MB of source, external domains: 127.0.0.1, api.anthropic.com, api.deepseek.com, api.minimaxi.com, api.moonshot.cn, api.openai.com, ark.cn-beijing.volces.com, dashscope.aliyuncs.com, esm.sh, eth.llamarpc.com, example.com, generativelanguage.googleapis.com, open.bigmodel.cn, openclaw.ai, openrouter.ai, platform.minimaxi.com, registry.npmjs.org, www.google.com, www.volcengine.com

Source & flagged code

11 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
bin/bolloon.jsView file
2const path = require("path"); L3: const { spawn } = require("child_process"); L4: const fs = require("fs");
High
Child Process

Package source references child process execution.

bin/bolloon.jsView on unpkg · L2
1#!/usr/bin/env node L2: const path = require("path"); L3: const { spawn } = require("child_process");
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/bolloon.jsView on unpkg · L1
dist/agents/shell-tool.jsView file
62// M3.5 (2026-06-17): Windows 上 ls/cat/pwd 不在 PATH, 必须用 cmd 内置命令 (dir/type/cd) L63: // 但 cmd 内置命令不能在 shell: false 下跑, 切到 shell: true (Windows shell: cmd.exe, POSIX shell: /bin/sh) L64: // 风险: 元字符注入 — 通过 checkCommand + arg denylist 防护, 加 shellQuoteArgs() 转义
High
Shell

Package source references shell execution.

dist/agents/shell-tool.jsView on unpkg · L62
dist/heartbeat/StartupVerifier.jsView file
89package = @bolloon/bolloon-agent; repositoryIdentity = bolloon; dependency = @diap/sdk L89: try { L90: await import('@diap/sdk'); L91: this.completeCheck('p2p_modules', true, '@diap/sdk available');
High
Copied Package Dependency Bridge

Package metadata claims a different repository identity while copied source loads a runtime dependency bridge.

dist/heartbeat/StartupVerifier.jsView on unpkg · L89
dist/security/input-scanner.jsView file
56contains invisible/control Unicode U+200B (zero width space) const WHITESPACE_ANOMALY_RE = /[<U+200B>-<U+200F><U+FEFF>]{5,}/g;
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

dist/security/input-scanner.jsView on unpkg · L56
scripts/build-web.tsView file
34try { L35: execSync(`npx tsc --outDir dist/web/components/p2p --declaration false --skipLibCheck --target ES2022 --module ESNext --moduleResolution bundler ${moduleFiles.join(' ')}`, { L36: cwd: ROOT,
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

scripts/build-web.tsView on unpkg · L34
bin/bolloon.cmdView file
path = bin/bolloon.cmd kind = build_helper sizeBytes = 230 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/bolloon.cmdView on unpkg
dist/web/icons/favicon.icnsView file
path = dist/web/icons/favicon.icns kind = high_entropy_blob sizeBytes = 467940 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/web/icons/favicon.icnsView on unpkg
dist/cli-entry.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @bolloon/bolloon-agent@0.2.7 matchedIdentity = npm:QGJvbGxvb24vYm9sbG9vbi1hZ2VudA:0.2.7 similarity = 0.808 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/cli-entry.jsView on unpkg

Findings

2 Critical6 High6 Medium4 Low
CriticalTrojan Source Unicodedist/security/input-scanner.js
CriticalPrevious Version Dangerous Deltadist/cli-entry.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processbin/bolloon.js
HighShelldist/agents/shell-tool.js
HighCopied Package Dependency Bridgedist/heartbeat/StartupVerifier.js
HighRuntime Package Installscripts/build-web.ts
HighShips High Entropy Blobdist/web/icons/favicon.icns
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/bolloon.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbin/bolloon.cmd
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings