registry  /  @maodashu/agent-bridge  /  0.1.1

@maodashu/agent-bridge@0.1.1

猫大叔创意平台 CLI & MCP 智能体桥接工具

AI Security Review

scanned 1d ago · by lpm-firewall-ai

An explicit CLI setup registers a package-owned stdio MCP server and bundled skills in a user-selected AI client. Runtime stores Maodashu tokens and makes authenticated calls to its fixed gateway; no automatic install-time attack surface is established.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `maodashu setup --client <codebuddy|cursor|claude>` or invokes CLI/MCP authentication and tools.
Impact
Selected client configuration changes and authorized creative-platform requests.
Mechanism
Explicit MCP configuration, package credential storage, and authenticated gateway API calls.
Rationale
The package has user-invoked MCP setup and platform-auth capabilities, but source shows no install-time execution or concrete malicious chain. Its network, credential, and AI-client writes are package-aligned and explicit.
Evidence
package.jsondist/cli/parse.jsdist/installer/index.jsdist/auth/credentials.jsdist/auth/device-auth.jsdist/auth/company-ai-auth.jsdist/clients/gateway-client.jsskills/create-lip-sync-video/SKILL.mdskills/create-storyboard/SKILL.mdskills/generate-storyboard-images/SKILL.mdskills/generate-video/SKILL.mdskills/produce-video-project/SKILL.mdskills/search-materials/SKILL.md
Network endpoints1
ai-video-agent-226345-8-1257781291.sh.run.tcloudbase.com

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/installer/index.js` can register `maodashu-mcp` and copy skills into selected AI-client directories after explicit setup.
  • `dist/auth/credentials.js` uses macOS `security` shell commands to store only this package's credentials.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • `dist/cli/parse.js` reaches setup only through a user-supplied `setup --client` command.
  • `dist/clients/gateway-client.js` sends platform bearer tokens only to the configured Maodashu gateway APIs.
  • No source evidence of credential harvesting, remote payload loading, eval, destructive actions, or stealth persistence.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 23 file(s), 73.5 KB of source, external domains: ai-video-agent-226345-8-1257781291.sh.run.tcloudbase.com, www.xhsbkscq.cn

Source & flagged code

1 flagged · loading source
dist/auth/credentials.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @maodashu/agent-bridge@0.1.0 matchedIdentity = npm:QG1hb2Rhc2h1L2FnZW50LWJyaWRnZQ:0.1.0 similarity = 0.684 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/auth/credentials.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/auth/credentials.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License