registry  /  @monkeyplus/flow  /  6.0.167

@monkeyplus/flow@6.0.167

@monkeyplus/flow package-first runtime with Vite, Nitro, Vue and a workspace playground.

AI Security Review

scanned 9d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Risky primitives are framework-aligned and activated by runtime server/CMS/image workflows or explicit CLI commands.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Explicit CLI use or application runtime using Flow CMS, Strapi, GitHub, SSR, or image modules.
Impact
Expected project file generation and package-aligned API requests; no confirmed unauthorized exfiltration or persistence.
Mechanism
Framework routing, CMS API helpers, image generation, and optional skills documentation copy.
Rationale
Static inspection found framework-aligned network, filesystem, dynamic import, and agent-skill-copy features, but no lifecycle execution, hidden payload, hostile skill instructions, credential harvesting, or unauthorized exfiltration. The scanner's high-risk labels appear to be noisy for this package.
Evidence
package.jsonsrc/cli.mjsserver/renderer.mjsmodules/images/cli-pregenerate.mjsmodules/images/cli-optimize-public.mjsmodules/images/runtime/build.mjscms/server/utils/github_token.mjscms/server/utils/github.mjsmodules/strapi/runtime/client.mjsmodules/strapi/proxy.mjsskills/.agents/skillspublic/node_modules/.cache-imagesshared/seo_images
Network endpoints12
api.github.com/metaapi.github.com/app/installationsapi.github.com/app/installations/{installationId}/access_tokensapi.github.com{fullUrl}localhost:1337localhost:3000cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.jscms2-demo.netlify.app/assets/windi.csscms2-demo.netlify.app/assets/cms.csscms2-demo.netlify.app/assets/cms.jsidentity.netlify.com/v1/netlify-identity-widget.jsunpkg.com/netlify-cms@^2.0.0/dist/netlify-cms.js

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • src/cli.mjs user-invoked `flow skills` copies packaged docs into `.agents/skills`.
  • server/renderer.mjs dynamically imports local Nitro/Vite SSR service paths.
  • cms/server/utils/github_token.mjs and github.mjs use GitHub tokens for GitHub API calls.
  • modules/images/runtime/build.mjs can fetch configured image domains and writes generated image outputs.
Evidence against
  • package.json has no lifecycle scripts; entrypoints are explicit exports and bins.
  • src/cli.mjs only copies bundled `skills/` after explicit `flow skills` command; no install/import-time mutation.
  • Inspected skills are Spanish Flow framework docs/references, not hostile agent instructions.
  • cms/dist/assets/api-DZ54n4La.js bidi/invisible scan returned no matches.
  • Network use is package-aligned: Strapi proxy/client, GitHub CMS utilities, image optimization, CDN/admin assets.
  • No credential harvesting or exfiltration to attacker-controlled endpoints found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareUrlStrings
ManifestNo manifest risk signals triggered.
scanned 914 file(s), 27.3 MB of source, external domains: api.github.com, api.iconify.design, api.simplesvg.com, api.unisvg.com, avatars.githubusercontent.com, cdnjs.cloudflare.com, cms2-demo.netlify.app, github.com, json-schema.org, prosemirror.net, www.sitemaps.org, www.w3.org

Source & flagged code

2 flagged · loading source
server/renderer.mjsView file
24try { L25: const ssrService = await import( L26: /* @vite-ignore */
Medium
Dynamic Require

Package source references dynamic require/import behavior.

server/renderer.mjsView on unpkg · L24
cms/dist/assets/api-DZ54n4La.jsView file
203contains invisible/control Unicode U+200D (zero width joiner) `,bD=`️`,xD=`<U+200D>`,SD=``,CD=null,wD=null;function TD(e=[]){let t={};cE.groups=t;let n=new cE;CD??=kD(qT),wD??=kD(JT),Q(n,`'`,BE),Q(n,`{`,CE),Q(n,`}`,wE),Q(n,`[`,TE),Q(n,`]`,EE),Q(n,`(`,DE),Q(n,`)`,OE),Q(n,`<`,kE),Q(n,`>`,AE),Q(n,`(`,jE
Critical
Trojan Source Unicode

Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

cms/dist/assets/api-DZ54n4La.jsView on unpkg · L203

Findings

1 Critical5 Medium4 Low
CriticalTrojan Source Unicodecms/dist/assets/api-DZ54n4La.js
MediumDynamic Requireserver/renderer.mjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings