AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package exposes a user-invoked HarmonyOS development CLI that can build/run projects, manage devices, install agent skills/MCP config, and extract bundled docs.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit devecocli command invocation; no install-time trigger found.
Impact
Expected project/device/build and agent-configuration side effects for a DevEco/HarmonyOS tool; no unconsented malicious behavior confirmed.
Mechanism
User-invoked CLI wrappers, local doc extraction, agent skill/MCP configuration
Rationale
Static source inspection found risky primitives, archive content, network access, and AI-agent config writes, but all are aligned with documented, explicit CLI functionality and not lifecycle/import-time abuse. The scanner's dangerous-delta and archive hints are explainable by the bundled CLI/docs and do not establish malware.
Evidence
package.jsondist/cli.jsSKILL.mdREADME.mddocs.zip~/.local/share/deveco-cli/docs~/.config/opencode/skills~/.cursor/skills~/.codebuddy/skills~/.qoder/skills~/.codex/skills.hvigor/.build-lock
Network endpoints4
matrix.openharmony.cn/api/model_base/model/tags?serviceType=skillmatrix.openharmony.cn/api/registry/skill/skillsmatrix.openharmony.cn/api/registry/skillnpm view @deveco-test/deveco-cli version
Decision evidence
public snapshotAI called this Clean at 84.0% confidence as Benign with medium false-positive risk.
Evidence for block
- SKILL.md contains strong agent preference language, but it is only installed by user-invoked init/skills commands.
- dist/cli.js can write agent skill/MCP config paths and project build artifacts when users run init, skills, serve, build, or docs commands.
- docs.zip is a large bundled archive extracted by docs commands, but zip listing showed no absolute, traversal, script, or binary paths.
Evidence against
- package.json has no install/postinstall hook; prepare/prepublishOnly are publisher-side/dev scripts.
- bin dist/cli.js is a HarmonyOS CLI wrapping DevEco tools; command execution is tied to explicit CLI subcommands.
- Network use is package-aligned: update checks npm, skills commands call matrix.openharmony.cn, docs search is local after bundled extraction.
- Path containment checks are present for project/doc paths and downloaded skill zips verify size and SHA256 before extraction.
- No credential harvesting, secret exfiltration, persistence, destructive lifecycle behavior, or import-time payload found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedocs.zipView file
•path = docs.zip
kind = high_entropy_blob
sizeBytes = 42072965
magicHex = [redacted]
High
•path = docs.zip
kind = compressed_blob
sizeBytes = 42072965
magicHex = [redacted]
Medium
•path = docs.zip
kind = nested_archive_needs_inspection
sizeBytes = 42072965
magicHex = [redacted]
Low
Nested Archive Needs Inspection
Package ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
docs.zipView on unpkgdist/cli.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @deveco-test/deveco-cli@1.2.0-Test.2
matchedIdentity = npm:QGRldmVjby10ZXN0L2RldmVjby1jbGk:1.2.0-Test.2
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/cli.jsView on unpkgFindings
1 Critical1 High3 Medium6 Low
CriticalPrevious Version Dangerous Deltadist/cli.js
HighShips High Entropy Blobdocs.zip
MediumEnvironment Vars
MediumShips Compressed Blobdocs.zip
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNested Archive Needs Inspectiondocs.zip