registry  /  @maodashu/agent-bridge  /  0.1.10

@maodashu/agent-bridge@0.1.10

猫大叔创意平台 CLI & MCP 智能体桥接工具

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `maodashu setup --client <codebuddy|cursor|claude|codex>` and later starts the configured MCP server.
Impact
Adds a package-controlled MCP capability to the selected user agent; no unconsented install-time mutation or concrete malicious behavior was confirmed.
Mechanism
Explicit AI-agent MCP/skill installation plus authenticated gateway client.
Rationale
The package creates a user-level AI-agent integration only through an explicit setup command, so it is not malicious under the install-control-surface policy. It warrants a warning because that command alters agent control surfaces and enables a remote MCP capability.
Evidence
package.jsondist/installer/index.jsdist/cli/commands/setup.jsdist/mcp/server.jsdist/clients/gateway-client.jsdist/auth/credentials.js
Network endpoints2
ai-video-agent-226345-8-1257781291.sh.run.tcloudbase.comwww.xhsbkscq.cn/docs/agent-bridge

Decision evidence

public snapshot
AI called this Suspicious at 92.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/installer/index.js` explicitly configures MCP for Cursor, CodeBuddy, Claude, and Codex.
  • `setupClient` writes user agent config and copies six package skills into agent skill directories.
  • Installed MCP config launches `maodashu-mcp` and sets a remote gateway URL.
  • `dist/auth/credentials.js` stores OAuth credentials in Keychain or `~/.maodashu-agent/credentials.json`.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • Agent configuration mutation requires the explicit `maodashu setup --client ...` command.
  • Network calls are authenticated API/device-login requests to the configured product gateway.
  • No source evidence of arbitrary command execution, payload download, broad file harvesting, or stealth persistence.
Behavioral surface
Source
ChildProcessEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
Manifest
NoLicense
scanned 25 file(s), 112 KB of source, external domains: ai-video-agent-226345-8-1257781291.sh.run.tcloudbase.com, www.xhsbkscq.cn

Source & flagged code

1 flagged · loading source
dist/auth/auth-diagnostics.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @maodashu/agent-bridge@0.1.8 matchedIdentity = npm:QG1hb2Rhc2h1L2FnZW50LWJyaWRnZQ:0.1.8 similarity = 0.810 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/auth/auth-diagnostics.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/auth/auth-diagnostics.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License