registry  /  @comate/comatecli  /  1.0.2

@comate/comatecli@1.0.2

Comate of Terminal —— 交互式终端 AI 编码助手

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface. The main install-time behavior bootstraps a pinned ripgrep binary for package code-search functionality and records its path under package/home cache locations.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install postinstall; later user runs comatecli
Impact
Potential install-time network download and local cache writes, but no confirmed credential theft, persistence, destructive behavior, or agent hijack.
Mechanism
package-aligned ripgrep bootstrap and CLI engine startup
Rationale
Source inspection shows risky primitives, but they are tied to the package's CLI/code-search engine and install-time ripgrep bootstrap, with no concrete malicious chain or foreign AI-agent control-surface mutation. The scanner's secret finding is documentation/example content, not active credential use.
Evidence
package.jsonscripts/postinstall.jsscripts/postinstallCore.mjsbin/zulu-tui.mjscomate-engine/assets/skills/ku-doc-manage/references/export_sheet.mdcomate-engine/bin/comate.js~/.comate/ripgrep-binary/<target>/rg~/.comate/.rg-pathripgrep-binary/.rg-path
Network endpoints2
ghproxy.net/https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/<filename>github.com/BurntSushi/ripgrep/releases/download/14.1.1/<filename>

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json runs postinstall: node scripts/postinstall.js
  • scripts/postinstall.js may download ripgrep and write ~/.comate/ripgrep-binary plus .rg-path
  • scripts/postinstall.js uses execSync for rg/version/probe/archive commands
  • bin/zulu-tui.mjs launches embedded zulu engine and sets ~/.cot auth/plans dirs at user runtime
  • comate-engine includes user-invoked skills that read/cache tokens for Baidu internal services
Evidence against
  • Postinstall purpose is explicit ripgrep bootstrap for code search, with system-rg and embedded/cache checks before download
  • Download URLs are pinned ripgrep release sources, not attacker-controlled except optional RIPGREP_MIRROR_BASE env
  • Postinstall failures are non-fatal and no credential/env harvesting or exfiltration found in install script
  • bin/zulu-tui.mjs dynamic imports are local package modules or @comate/zulu fallback for CLI runtime
  • export_sheet.md secret hit is a documented example download URL, not executable code
  • No unconsented install-time mutation of foreign AI-agent control surfaces found
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 7 file(s), 2.66 MB of source, external domains: ghproxy.net, github.com, react.dev
Oversized source lightweight scan
comate-engine/server.js9.07 MB file, sampled 256 KB
FilesystemEnvironmentVarsCryptoHighEntropyStringsMinified
dist/zulu/index.js3.97 MB file, sampled 256 KB
FilesystemChildProcessEnvironmentVarsCryptoObfuscatedHighEntropyStringsMinified

Source & flagged code

13 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
comate-engine/assets/skills/ku-doc-manage/references/export_sheet.mdView file
29patternName = supabase_service_key severity = critical line = 29 matchedText = "downloa...=1",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

comate-engine/assets/skills/ku-doc-manage/references/export_sheet.mdView on unpkg · L29
29patternName = supabase_service_key severity = critical line = 29 matchedText = "downloa...=1",
Critical
Secret Pattern

Supabase service role key (JWT) in comate-engine/assets/skills/ku-doc-manage/references/export_sheet.md

comate-engine/assets/skills/ku-doc-manage/references/export_sheet.mdView on unpkg · L29
dist/index.jsView file
1import{fileURLToPath as e}from"url";import{dirname as t}from"path";t(e(import.meta.url));import n from"events";import r from"https";import i from"http";import a from"net";import o ... L2: /**
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L1
1import{fileURLToPath as e}from"url";import{dirname as t}from"path";t(e(import.meta.url));import n from"events";import r from"https";import i from"http";import a from"net";import o ... L2: /** ... L9: * LICENSE file in the root directory of this source tree. L10: */"production"===process.env.NODE_ENV?q.exports=function(){if(W)return $;W=1;var e=Symbol.for("react.transitional.element"),t=Symbol.for("react.portal"),n=Symbol.for("react.fragmen... L11: /**
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/index.jsView on unpkg · L1
45* LICENSE file in the root directory of this source tree. L46: */"production"===process.env.NODE_ENV?$t.exports=(nn||(nn=1,function(e){e.exports=function(e){function t(e,t,n,r){return new Gi(e,t,n,r)}function n(){}function r(e){var t="https://... L47: /** ... L54: * LICENSE file in the root directory of this source tree. L55: */"production"===process.env.NODE_ENV?fu.exports=function(){if(Eu)return hu;Eu=1;var e=Symbol.for("react.transitional.element"),t=Symbol.for("react.fragment");function n(t,n,r){var...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/index.jsView on unpkg · L45
scripts/postinstall.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @comate/comatecli@1.0.0-beta.0 matchedIdentity = npm:QGNvbWF0ZS9jb21hdGVjbGk:1.0.0-beta.0 similarity = 0.833 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

scripts/postinstall.jsView on unpkg
224const findCmd = isWindows L225: ? `powershell -Command "Get-ChildItem -Path '${searchDir}' -Filter 'rg.exe' -Recurse ` L226: + '| Select-Object -First 1 -ExpandProperty FullName"'
High
Shell

Package source references shell execution.

scripts/postinstall.jsView on unpkg · L224
bin/zulu-tui.mjsView file
62({FixtureZuluSession, MockLoginController, MockZuluSession, renderChatApp, renderGallery, renderM13Demo, withRecording} L63: = await import('../dist/index.js')); L64: }
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/zulu-tui.mjsView on unpkg · L62
comate-engine/assets/skills/icode/scripts/common.shView file
path = comate-[redacted].sh kind = build_helper sizeBytes = 3826 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

comate-engine/assets/skills/icode/scripts/common.shView on unpkg
dist/zulu/index.jsView file
path = dist/zulu/index.js kind = oversized_source_file sizeBytes = 4158658 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/zulu/index.jsView on unpkg
comate-engine/assets/skills/code-security/references/vul_repair_sensitive.mdView file
384patternName = generic_password severity = medium line = 384 matchedText = std::str...xx";
Medium
Secret Pattern

Hardcoded password in comate-engine/assets/skills/code-security/references/vul_repair_sensitive.md

comate-engine/assets/skills/code-security/references/vul_repair_sensitive.mdView on unpkg · L384

Findings

3 Critical6 High7 Medium5 Low
CriticalCritical Secretcomate-engine/assets/skills/ku-doc-manage/references/export_sheet.md
CriticalPrevious Version Dangerous Deltascripts/postinstall.js
CriticalSecret Patterncomate-engine/assets/skills/ku-doc-manage/references/export_sheet.md
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/index.js
HighShellscripts/postinstall.js
HighSame File Env Network Executiondist/index.js
HighCommand Output Exfiltrationdist/index.js
HighOversized Source Filedist/zulu/index.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/zulu-tui.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helpercomate-engine/assets/skills/icode/scripts/common.sh
MediumStructural Risk Force Deep Review
MediumSecret Patterncomate-engine/assets/skills/code-security/references/vul_repair_sensitive.md
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings