AI Security Review
scanned 1d ago · by lpm-firewall-aiAn explicit CLI setup registers a package-owned stdio MCP server and bundled skills in a user-selected AI client. Runtime stores Maodashu tokens and makes authenticated calls to its fixed gateway; no automatic install-time attack surface is established.
Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `maodashu setup --client <codebuddy|cursor|claude>` or invokes CLI/MCP authentication and tools.
Impact
Selected client configuration changes and authorized creative-platform requests.
Mechanism
Explicit MCP configuration, package credential storage, and authenticated gateway API calls.
Rationale
The package has user-invoked MCP setup and platform-auth capabilities, but source shows no install-time execution or concrete malicious chain. Its network, credential, and AI-client writes are package-aligned and explicit.
Evidence
package.jsondist/cli/parse.jsdist/installer/index.jsdist/auth/credentials.jsdist/auth/device-auth.jsdist/auth/company-ai-auth.jsdist/clients/gateway-client.jsskills/create-lip-sync-video/SKILL.mdskills/create-storyboard/SKILL.mdskills/generate-storyboard-images/SKILL.mdskills/generate-video/SKILL.mdskills/produce-video-project/SKILL.mdskills/search-materials/SKILL.md
Network endpoints1
ai-video-agent-226345-8-1257781291.sh.run.tcloudbase.com
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/installer/index.js` can register `maodashu-mcp` and copy skills into selected AI-client directories after explicit setup.
- `dist/auth/credentials.js` uses macOS `security` shell commands to store only this package's credentials.
Evidence against
- `package.json` has no `preinstall`, `install`, or `postinstall` hook.
- `dist/cli/parse.js` reaches setup only through a user-supplied `setup --client` command.
- `dist/clients/gateway-client.js` sends platform bearer tokens only to the configured Maodashu gateway APIs.
- No source evidence of credential harvesting, remote payload loading, eval, destructive actions, or stealth persistence.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/auth/credentials.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @maodashu/agent-bridge@0.1.0
matchedIdentity = npm:QG1hb2Rhc2h1L2FnZW50LWJyaWRnZQ:0.1.0
similarity = 0.684
summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/auth/credentials.jsView on unpkgFindings
1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/auth/credentials.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License