AI Security Review
scanned 9d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Risky behavior is user-invoked CLI functionality for HarmonyOS development, local docs extraction, and explicit AI-agent integration setup.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs devecocli commands such as init, skills, docs, build, run, or serve mcp.
Impact
No confirmed unauthorized impact from install-time or import-time behavior.
Mechanism
benign development CLI with user-invoked tool execution and configuration writes
Rationale
Static inspection found a feature-rich HarmonyOS CLI with disclosed, user-invoked AI-agent integration and MCP configuration, but no install-time execution, credential theft, exfiltration, persistence, or unconsented control-surface mutation. Scanner flags appear driven by the bundled docs archive and dangerous-but-package-aligned CLI primitives.
Evidence
package.jsondist/cli.jsSKILL.mdREADME.mddocs.zip
Network endpoints2
matrix.openharmony.cndeveloper.huawei.com/consumer/cn/download/
Decision evidence
public snapshotAI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/cli.js has user-invoked `init`/`skills` features that write AI-agent skills and MCP configs for cursor/opencode/codex/etc.
- dist/cli.js performs network calls to `https://matrix.openharmony.cn` for a HarmonyOS skill registry and `npm view` for updates.
- docs.zip is a large bundled archive extracted by the `docs` command into a user docs directory.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hook; prepare/prepublishOnly are publish-time/dev commands.
- dist/cli.js dangerous primitives are aligned with CLI functions: DevEco tool execution, emulator/device control, MCP syntax checking, docs search, and update checks.
- SKILL.md and README.md disclose AI-agent skill/MCP setup; no lifecycle-triggered control-surface mutation found.
- docs.zip listing shows many `.md`/`.json` HarmonyOS documentation files, not executable payloads.
- Path containment checks exist for project file reads and MCP check inputs in dist/cli.js.
- No credential harvesting or exfiltration logic identified in inspected source.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedocs.zipView file
•path = docs.zip
kind = high_entropy_blob
sizeBytes = 42072965
magicHex = [redacted]
High
•path = docs.zip
kind = compressed_blob
sizeBytes = 42072965
magicHex = [redacted]
Medium
•path = docs.zip
kind = nested_archive_needs_inspection
sizeBytes = 42072965
magicHex = [redacted]
Low
Nested Archive Needs Inspection
Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
docs.zipView on unpkgdist/cli.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @deveco-test/deveco-cli@1.2.0-Test.1
matchedIdentity = npm:QGRldmVjby10ZXN0L2RldmVjby1jbGk:1.2.0-Test.1
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgFindings
1 Critical1 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighShips High Entropy Blobdocs.zip
MediumEnvironment Vars
MediumShips Compressed Blobdocs.zip
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectiondocs.zip