registry  /  @exulu/backend  /  1.69.3

@exulu/backend@1.69.3

**Exulu IMP** (Intelligence Management Platform) is an open-source TypeScript framework for building production-ready AI agent applications. It provides the backend infrastructure for managing agents, semantic search contexts, background job processing, a

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The risky behavior is package-aligned install/runtime setup for a backend with Python transcription and AI/sandbox features.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install, npx @exulu/backend setup-python, or runtime app feature use
Impact
Installs dependencies and may contact configured local/upstream services; no evidence of credential theft, persistence, or destructive install behavior.
Mechanism
package-local Python virtualenv setup and user-invoked backend services
Rationale
Static inspection found install-time execution and powerful runtime primitives, but they are documented, package-local, and aligned with the backend's advertised Python/AI service functionality. I found no concrete exfiltration, persistence, destructive action, dependency confusion, or unconsented AI-agent control-surface mutation.
Evidence
package.jsonscripts/postinstall.cjsbin/backend.cjsbin/setup-python.cjsee/python/setup.shee/python/requirements.txtdist/index.jsee/invoke-skills/create-sandbox.tsee/python/transcription/server.pyee/python/transcription/worker.pyee/python/.venv
Network endpoints3
download.pytorch.org/whl/cu124127.0.0.1:4000/model/info127.0.0.1:9876/healthz

Decision evidence

public snapshot
AI called this Clean at 83.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json runs preinstall Node version gate and postinstall scripts/postinstall.cjs
  • scripts/postinstall.cjs executes package-local ee/python/setup.sh at install time unless skipped
  • ee/python/setup.sh creates ee/python/.venv and pip-installs requirements; optional torch wheel index is download.pytorch.org
  • ee/invoke-skills/create-sandbox.ts exposes bash/readFile/writeFile tools and can degrade sandboxing, but this is app runtime functionality
Evidence against
  • No credential harvesting or exfiltration found in inspected lifecycle/bin entrypoints
  • bin/backend.cjs only dispatches documented package-local subcommands
  • dist/index.js import path defines exports and Redis helpers; no install/import-time destructive behavior found
  • Secret-looking patterns in dist/index.js are documentation/example placeholders, not live keys
  • Network use is aligned with backend, LiteLLM, Whisper, S3, OCR, and user-invoked service features
  • Python test __init__.py is empty; no hidden executable payload observed there
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicenseWildcardDependency
scanned 36 file(s), 2.26 MB of source, external domains: console.cloud.google.com, www.google.com, www.python.org

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.preinstall = node -e "if (process.version !== 'v22.18.0') { console.error('❌ Wrong Node.js version. Expected v22.18.0, got ' + process.version); process.exit(1); }"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
12659patternName = private_key_rsa severity = critical line = 12659 matchedText = "private...--",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L12659
12659patternName = private_key_rsa severity = critical line = 12659 matchedText = "private...--",
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L12659
dist/chunk-WCP3WZM3.jsView file
39var databaseExistsChecked = false; L40: var dbName = process.env.POSTGRES_DB_NAME || "exulu"; L41: async function ensureDatabaseExists() { ... L234: // src/exulu/litellm/supervisor.ts L235: import { spawn } from "child_process"; L236: import { existsSync } from "fs"; ... L258: const masterKey = process.env.LITELLM_MASTER_KEY; L259: const configPath = process.env.LITELLM_CONFIG_PATH ?? resolve(process.cwd(), "./config.litellm.yaml"); L260: const venvBin = resolve(packageRoot, "ee/python/.venv/bin"); ... L266: var pollHealth = async (host, port) => { L267: const url = `http://${host}:${port}/health/liveliness`; L268: const deadline = Date.now() + READY_TIMEOUT_MS;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-WCP3WZM3.jsView on unpkg · L39
ee/python/setup.shView file
path = ee/python/setup.sh kind = build_helper sizeBytes = 10741 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

ee/python/setup.shView on unpkg
ee/python/transcription/tests/__init__.pyView file
path = ee/python/transcription/tests/__init__.py kind = payload_in_excluded_dir sizeBytes = 0
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

ee/python/transcription/tests/__init__.pyView on unpkg
dist/index.cjsView file
23814patternName = private_key_rsa severity = critical line = 23814 matchedText = "private...--",
Critical
Secret Pattern

RSA private key in dist/index.cjs

dist/index.cjsView on unpkg · L23814

Findings

4 Critical2 High6 Medium7 Low
CriticalRed Install Lifecycle Scriptpackage.json
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighPayload In Excluded Diree/python/transcription/tests/__init__.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperee/python/setup.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-WCP3WZM3.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License