registry  /  @exulu/backend  /  1.69.2

@exulu/backend@1.69.2

**Exulu IMP** (Intelligence Management Platform) is an open-source TypeScript framework for building production-ready AI agent applications. It provides the backend infrastructure for managing agents, semantic search contexts, background job processing, a

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package has a heavy install-time Python setup and runtime AI/agent tooling, but inspected behavior is aligned with backend, transcription, document processing, and LiteLLM features.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall unless skipped; runtime APIs/CLIs are user invoked
Impact
Creates package-local Python virtualenv and may contact package/dependency indexes; no confirmed unauthorized data access or exfiltration
Mechanism
package-aligned dependency setup and backend service tooling
Rationale
Static source inspection found risky primitives, but they are documented, package-aligned backend/transcription/AI-agent capabilities rather than unconsented malware behavior. The lifecycle script performs dependency setup in a package-local venv and does not harvest credentials, persist, destructively modify the host, or exfiltrate data.
Evidence
package.jsonscripts/postinstall.cjsee/python/setup.shee/python/requirements.txtbin/backend.cjsbin/setup-python.cjsdist/cli/start-whisper.cjsdist/index.jsee/invoke-skills/create-sandbox.tsee/python/transcription/tests/__init__.pyee/python/.venv
Network endpoints4
download.pytorch.org/whl/cu124huggingface.co/pyannote/segmentation-3.0huggingface.co/pyannote/speaker-diarization-3.1{region}.recall.ai/api/v1

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines preinstall/postinstall lifecycle hooks
  • scripts/postinstall.cjs runs ee/python/setup.sh during install unless skipped
  • ee/python/setup.sh creates ee/python/.venv and installs Python dependencies via pip
  • ee/invoke-skills/create-sandbox.ts exposes bash/readFile/writeFile tools for configured runtime skill agents
Evidence against
  • scripts/postinstall.cjs is a documented Python environment setup with CI/SKIP_PYTHON_SETUP bypass
  • ee/python/setup.sh installs declared transcription/document/LiteLLM dependencies, not hidden payloads
  • ee/python/transcription/tests/__init__.py is empty; no hidden executable payload found
  • dist/index.js import exports APIs; DB/LiteLLM/Python setup actions are user/runtime invoked
  • Secret-like scanner hit is placeholder documentation text, not a real embedded credential
  • No credential harvesting, persistence, destructive install behavior, or exfiltration endpoint found
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicenseWildcardDependency
scanned 36 file(s), 2.26 MB of source, external domains: console.cloud.google.com, www.google.com, www.python.org

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.preinstall = node -e "if (process.version !== 'v22.18.0') { console.error('❌ Wrong Node.js version. Expected v22.18.0, got ' + process.version); process.exit(1); }"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.preinstall = node -e "if (process.version !== 'v22.18.0') { console.error('❌ Wrong Node.js version. Expected v22.18.0, got ' + process.version); process.exit(1); }"
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
12659patternName = private_key_rsa severity = critical line = 12659 matchedText = "private...--",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L12659
12659patternName = private_key_rsa severity = critical line = 12659 matchedText = "private...--",
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L12659
dist/chunk-PJSDLFXL.jsView file
39var databaseExistsChecked = false; L40: var dbName = process.env.POSTGRES_DB_NAME || "exulu"; L41: async function ensureDatabaseExists() { ... L234: // src/exulu/litellm/supervisor.ts L235: import { spawn } from "child_process"; L236: import { existsSync } from "fs"; ... L258: const masterKey = process.env.LITELLM_MASTER_KEY; L259: const configPath = process.env.LITELLM_CONFIG_PATH ?? resolve(process.cwd(), "./config.litellm.yaml"); L260: const venvBin = resolve(packageRoot, "ee/python/.venv/bin"); ... L266: var pollHealth = async (host, port) => { L267: const url = `http://${host}:${port}/health/liveliness`; L268: const deadline = Date.now() + READY_TIMEOUT_MS;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-PJSDLFXL.jsView on unpkg · L39
ee/python/setup.shView file
path = ee/python/setup.sh kind = build_helper sizeBytes = 10741 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

ee/python/setup.shView on unpkg
ee/python/transcription/tests/__init__.pyView file
path = ee/python/transcription/tests/__init__.py kind = payload_in_excluded_dir sizeBytes = 0
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

ee/python/transcription/tests/__init__.pyView on unpkg
dist/index.cjsView file
23809patternName = private_key_rsa severity = critical line = 23809 matchedText = "private...--",
Critical
Secret Pattern

RSA private key in dist/index.cjs

dist/index.cjsView on unpkg · L23809

Findings

4 Critical2 High6 Medium7 Low
CriticalRed Install Lifecycle Scriptpackage.json
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighPayload In Excluded Diree/python/transcription/tests/__init__.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperee/python/setup.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-PJSDLFXL.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License