
@clawhelp/fmlhealth-cli@1.0.6

一家检 - family health management command-line tool

AI Security Review

scanned 2d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked health-management CLI that talks to its documented backend and stores an auth token for later API calls.

Static reason: High-risk behavior combination matched malicious policy.

Trigger: User runs fmlhealth-cli commands, especially auth login or health data commands.

Impact: Can read/write the user's health-service data when the user provides or obtains a token; no unrelated system data collection or exfiltration found.

Mechanism: Package-aligned authenticated HTTPS API client.

Rationale: Static inspection shows the risky primitives are aligned with the documented CLI purpose: authenticated health-service API calls, local token persistence, and opening an OAuth login page. There is no install-time behavior, command-output exfiltration, credential harvesting beyond its own token, or AI-agent control-surface mutation.

Evidence:
• package.json
• bin/fmlhealth-cli.js
• README.md
• SKILL.md
• ~/.fmlhealth-cli/token.json

Network endpoints (3):
• www.fmlhealth.cn/api
• www.fmlhealth.cn/api/auth/oauth/cli-token
• health.clawhelp.me/login.html

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block: (none listed)

Evidence against:
• package.json has no lifecycle scripts; only bin entrypoint is bin/fmlhealth-cli.js.
• bin/fmlhealth-cli.js network calls target the documented health service www.fmlhealth.cn APIs.
• child_process.execSync is only used inside user-invoked auth login to open a browser to the login URL.
• Token handling is limited to reading env vars/saved token and sending it as Authorization to the service API.
• README.md and SKILL.md describe the same health-management CLI commands implemented by the bin file.
• No eval/vm/native binary loading, install-time execution, persistence, broad file harvesting, or unrelated exfiltration found.

Behavioral surface
Source: ChildProcess, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: NoLicense

scanned 1 file(s), 12.0 KB of source, external domains: health.clawhelp.me, www.fmlhealth.cn

Source & flagged code

3 flagged

bin/fmlhealth-cli.js, excerpt starting at line 20:

    L21: const http = require('https');
    L22: const fs = require('fs');
    ...
    L26: const BASE_URL = 'https://www.fmlhealth.cn';
    L27: const CONFIG_DIR = path.join(os.homedir(), '.fmlhealth-cli');
    L28: const TOKEN_FILE = path.join(CONFIG_DIR, 'token.json');
    ...
    L32: if (fs.existsSync(TOKEN_FILE)) {
    L33: return JSON.parse(fs.readFileSync(TOKEN_FILE, 'utf8')).token;
    L34: }
    ...
    L46: if (saved) return saved;
    L47: const env = process.env.YJ_API_KEY || process.env.MCP_API_KEY
    L48: if (env) { saveToken(env); return env; }
Critical: Command Output Exfiltration

Source executes local commands and sends command output to an external endpoint.

bin/fmlhealth-cli.js (line 20)

Trigger-reachable chain: manifest.bin -> bin/fmlhealth-cli.js L20. Excerpt starting at line 20:

    L21: const http = require('https');
    L22: const fs = require('fs');
    ...
    L26: const BASE_URL = 'https://www.fmlhealth.cn';
    L27: const CONFIG_DIR = path.join(os.homedir(), '.fmlhealth-cli');
    L28: const TOKEN_FILE = path.join(CONFIG_DIR, 'token.json');
    ...
    L32: if (fs.existsSync(TOKEN_FILE)) {
    L33: return JSON.parse(fs.readFileSync(TOKEN_FILE, 'utf8')).token;
    L34: }
    ...
    L46: if (saved) return saved;
    L47: const env = process.env.YJ_API_KEY || process.env.MCP_API_KEY
    L48: if (env) { saveToken(env); return env; }
Critical: Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

bin/fmlhealth-cli.js (line 20)

Excerpt starting at line 206:

    L206: const plat = require('os').platform();
    L207: if (plat === 'darwin') require('child_process').execSync('open "' + loginUrl + '"');
    L208: else if (plat === 'win32') require('child_process').execSync('start "" "' + loginUrl + '"');
High: Child Process

Package source references child process execution.

bin/fmlhealth-cli.js (line 206)

Findings

2 Critical, 2 High, 3 Medium, 4 Low

• Critical: Command Output Exfiltration (bin/fmlhealth-cli.js)
• Critical: Trigger Reachable Dangerous Capability (bin/fmlhealth-cli.js)
• High: Child Process (bin/fmlhealth-cli.js)
• High: Shell
• Medium: Network
• Medium: Environment Vars
• Medium: Structural Risk Force Deep Review
• Low: Filesystem
• Low: High Entropy Strings
• Low: Url Strings
• Low: No License