@clawhelp/fmlhealth-cli@1.0.4

一家检 - Family health management command-line tool

AI Security Review

scanned 4d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. The package is a user-invoked health-management CLI that makes service API calls, persists an auth token under the user's home directory, and opens the browser for login.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
User runs fmlhealth-cli commands such as auth login, members, tests, test-add, or analyze.
Impact
Stores an auth token under the user's home directory and sends authenticated API requests to the package service; no confirmed exfiltration or hidden execution.
Mechanism
User-invoked HTTPS API client with local token persistence
Rationale
Source inspection does not support the scanner claim that command output is exfiltrated: the only shell use opens a browser for OAuth login and ignores output. The token storage and service API traffic are package-aligned and user-invoked, with no lifecycle execution, persistence, destructive behavior, or credential harvesting found.
Evidence
  • package.json
  • bin/fmlhealth-cli.js
  • SKILL.md
  • ~/.fmlhealth-cli/token.json
Network endpoints (3)
  • www.fmlhealth.cn
  • www.fmlhealth.cn/api/auth/oauth/cli-token
  • health.clawhelp.me/login.html

Decision evidence

public snapshot
The AI reviewer rated the package Clean (Benign) at 91.0% confidence, with low false-positive risk.
Evidence for block
  • bin/fmlhealth-cli.js sends authenticated HTTPS requests to www.fmlhealth.cn.
  • bin/fmlhealth-cli.js reads YJ_API_KEY/MCP_API_KEY and persists it as a CLI auth token.
  • bin/fmlhealth-cli.js uses child_process.execSync to open the auth login URL.
  • SKILL.md instructs AI agents to use fmlhealth-cli for health-data tasks.
Evidence against
  • package.json has no lifecycle scripts; execution is via user-invoked bin only.
  • child_process is limited to open/start/xdg-open for a constructed login URL, not arbitrary command execution or output capture.
  • No code harvests shell output, environment dumps, project files, credentials, or agent config files.
  • Network traffic is aligned with declared family-health CLI functions and a single service host.
  • SKILL.md is shipped as documentation only; no install-time write or control-surface mutation is present.
Behavioral surface
Source
Child Process, Environment Vars, Filesystem, Network, Shell
Supply chain
High Entropy Strings, Url Strings
Manifest
No License
scanned 1 file(s), 11.5 KB of source, external domains: health.clawhelp.me, www.fmlhealth.cn

Source & flagged code

3 flagged
bin/fmlhealth-cli.js
Excerpt from L19:
L20: const http = require('https');
L21: const fs = require('fs');
...
L25: const BASE_URL = 'https://www.fmlhealth.cn';
L26: const CONFIG_DIR = path.join(os.homedir(), '.fmlhealth-cli');
L27: const TOKEN_FILE = path.join(CONFIG_DIR, 'token.json');
...
L31: if (fs.existsSync(TOKEN_FILE)) {
L32:   return JSON.parse(fs.readFileSync(TOKEN_FILE, 'utf8')).token;
L33: }
...
L45: if (saved) return saved;
L46: const env = process.env.YJ_API_KEY || process.env.MCP_API_KEY
L47: if (env) { saveToken(env); return env; }
Critical
Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

bin/fmlhealth-cli.js · L19
Trigger-reachable chain: manifest.bin -> bin/fmlhealth-cli.js L19 (same excerpt as the previous finding, L20-L47)
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

bin/fmlhealth-cli.js · L19
L207: const plat = require('os').platform();
L208: if (plat === 'darwin') require('child_process').execSync('open "' + loginUrl + '"');
L209: else if (plat === 'win32') require('child_process').execSync('start "" "' + loginUrl + '"');
High
Child Process

Package source references child process execution.

bin/fmlhealth-cli.js · L207

Findings

2 Critical · 2 High · 3 Medium · 4 Low
Critical · Command Output Exfiltration · bin/fmlhealth-cli.js
Critical · Trigger Reachable Dangerous Capability · bin/fmlhealth-cli.js
High · Child Process · bin/fmlhealth-cli.js
High · Shell
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License