registry  /  @exulu/backend  /  1.70.0

@exulu/backend@1.70.0

**Exulu IMP** (Intelligence Management Platform) is an open-source TypeScript framework for building production-ready AI agent applications. It provides the backend infrastructure for managing agents, semantic search contexts, background job processing, a

AI Security Review

scanned 6d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package has install-time Python environment setup and runtime AI-agent sandbox/file/network features, but they are documented and user/application-invoked rather than covert.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
npm install runs postinstall unless skipped; runtime features activate when app imports/uses backend APIs or CLI subcommands.
Impact
Installs Python dependencies into package venv; runtime may access configured services and session files as part of backend operation.
Mechanism
package-aligned Python setup and AI backend runtime capabilities
Rationale
Static inspection found risky primitives, but they match a documented backend for AI agents, document processing, transcription, and sandboxed session tools. There is no concrete covert install/import-time exfiltration, destructive action, persistence, or agent-control hijack.
Evidence
package.jsonscripts/postinstall.cjsee/python/setup.shee/python/requirements.txtbin/backend.cjsbin/setup-python.cjsdist/cli/start-whisper.cjsdist/index.jsee/invoke-skills/create-sandbox.tsee/python/.venv/tmp/exulu-pdf-cache/tmp/exulu-sessions
Network endpoints4
download.pytorch.org/whl/cu124{region}.recall.ai/api/v1127.0.0.1:4000127.0.0.1:9876

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Install lifecycle creates ee/python/.venv and pip-installs requirements; includes external PyTorch index https://download.pytorch.org/whl/cu124 when WHISPER_GPU=cuda.
  • Runtime code includes AI sandbox/bash and file tools in ee/invoke-skills/create-sandbox.ts/dist/index.js, a dangerous capability but package-aligned for an AI agent backend.
Evidence against
  • scripts/postinstall.cjs and ee/python/setup.sh are transparent Python dependency setup for documented transcription/document features, with SKIP_PYTHON_SETUP/CI skip paths.
  • No source evidence of credential harvesting or exfiltration; env vars are used for configured Redis, S3, SMTP, model providers, telemetry, and auth.
  • Scanner 'critical secret' is an example Google service-account JSON string with placeholder private_key in dist/index.js, not a real embedded secret.
  • bin/backend.cjs only dispatches documented subcommands; dist/cli/start-whisper.cjs starts local uvicorn server from package venv on configured host/port.
  • Network references are package-aligned: local Redis/LiteLLM/Whisper, Recall API, provider SDKs, S3/upload, Signoz OTLP, PyPI/pip setup.
  • No AI-agent control-surface mutation, persistence outside package setup dirs, destructive install behavior, or hidden payload carrier found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicenseWildcardDependency
scanned 36 file(s), 2.27 MB of source, external domains: console.cloud.google.com, www.google.com, www.python.org

Source & flagged code

9 flagged · loading source
package.jsonView file
scripts.preinstall = node -e "if (process.version !== 'v22.18.0') { console.error('❌ Wrong Node.js version. Expected v22.18.0, got ' + process.version); process.exit(1); }"
Critical
Red Install Lifecycle Script

Install-time lifecycle script matches a deterministic static-gate block pattern.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.cjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/index.jsView file
12701patternName = private_key_rsa severity = critical line = 12701 matchedText = "private...--",
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/index.jsView on unpkg · L12701
12701patternName = private_key_rsa severity = critical line = 12701 matchedText = "private...--",
Critical
Secret Pattern

RSA private key in dist/index.js

dist/index.jsView on unpkg · L12701
dist/chunk-WCP3WZM3.jsView file
39var databaseExistsChecked = false; L40: var dbName = process.env.POSTGRES_DB_NAME || "exulu"; L41: async function ensureDatabaseExists() { ... L234: // src/exulu/litellm/supervisor.ts L235: import { spawn } from "child_process"; L236: import { existsSync } from "fs"; ... L258: const masterKey = process.env.LITELLM_MASTER_KEY; L259: const configPath = process.env.LITELLM_CONFIG_PATH ?? resolve(process.cwd(), "./config.litellm.yaml"); L260: const venvBin = resolve(packageRoot, "ee/python/.venv/bin"); ... L266: var pollHealth = async (host, port) => { L267: const url = `http://${host}:${port}/health/liveliness`; L268: const deadline = Date.now() + READY_TIMEOUT_MS;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/chunk-WCP3WZM3.jsView on unpkg · L39
ee/python/setup.shView file
path = ee/python/setup.sh kind = build_helper sizeBytes = 10741 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

ee/python/setup.shView on unpkg
ee/python/transcription/tests/__init__.pyView file
path = ee/python/transcription/tests/__init__.py kind = payload_in_excluded_dir sizeBytes = 0
High
Payload In Excluded Dir

Package hides binary, compressed, or executable-looking payloads in test/fixture/hidden paths.

ee/python/transcription/tests/__init__.pyView on unpkg
dist/index.cjsView file
23856patternName = private_key_rsa severity = critical line = 23856 matchedText = "private...--",
Critical
Secret Pattern

RSA private key in dist/index.cjs

dist/index.cjsView on unpkg · L23856

Findings

4 Critical2 High6 Medium7 Low
CriticalRed Install Lifecycle Scriptpackage.json
CriticalCritical Secretdist/index.js
CriticalSecret Patterndist/index.js
CriticalSecret Patterndist/index.cjs
HighInstall Time Lifecycle Scriptspackage.json
HighPayload In Excluded Diree/python/transcription/tests/__init__.py
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperee/python/setup.sh
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/chunk-WCP3WZM3.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License