registry  /  @optima-chat/scout-cli  /  0.24.0

@optima-chat/scout-cli@0.24.0

AI-powered product research CLI - Amazon, TikTok Shop, Shein, Temu search and 1688 supplier sourcing with real sales data

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed install-time attack surface exists. An explicit `scout init` command attempts to install a Claude skill into the current project, but its packaged source path is absent and the action fails before writing.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `scout init` or `scout project health-check --kb`.
Impact
Potential project-local agent extension setup is explicit and currently nonfunctional; no confirmed persistence or exfiltration chain.
Mechanism
User-invoked project skill setup and KB lint subprocess.
Rationale
The static alert overstates user-invoked networking and shell use as malicious behavior. The only AI-agent write path is explicit and broken in this artifact, so source inspection does not establish a malicious chain.
Evidence
package.jsondist/index.jsdist/commands/init.jsdist/commands/project.jsdist/utils/config.jsdist/utils/api.js.claude/skills/scout/SKILL.md~/.optima/token.json./.claude/skills/optima-scout/SKILL.md~/kb/product-research
Network endpoints4
dev.optima.sh:7290scout-api.stage.optima.onlscout-api.optima.onlscout.yzsgo.com

Decision evidence

public snapshot
AI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • `dist/commands/init.js` explicitly targets `cwd/.claude/skills` on `scout init`.
  • `dist/commands/project.js` runs `npx kb-skills lint` only under `scout project health-check --kb`.
  • `dist/utils/config.js` reads `~/.optima/token.json`/`OPTIMA_TOKEN` for authenticated Scout API calls.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • Entrypoint wiring in `dist/index.js` registers commands; no install-time network or file action is present.
  • `init.js` loads nonexistent `.claude/skills/optima-scout/SKILL.md`; bundled skill is `.claude/skills/scout/SKILL.md`, so the attempted agent-skill write does not complete as shipped.
  • Network calls in `dist/utils/api.js` use configured Optima Scout endpoints and command inputs; no unrelated exfiltration found.
  • No eval, VM, remote-code loader, credential harvesting beyond the service token, or destructive broad filesystem operation found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 46 file(s), 319 KB of source, external domains: custom.proxy, detail.1688.com, dev.optima.sh, github.com, sc-5.optima.onl, scout-api.optima.onl, scout-api.stage.optima.onl, scout.example.com, scout.yzsgo.com, shop123.1688.com, v16-webapp.tiktok.com, weixin.qq.com, www.douyin.com, www.tiktok.com

Source & flagged code

3 flagged · loading source
dist/commands/project.jsView file
4import { homedir } from 'os'; L5: import { execSync } from 'child_process'; L6: import { setProject, getContext, _resetCache } from '../utils/context.js';
High
Child Process

Package source references child process execution.

dist/commands/project.jsView on unpkg · L4
212const kbDir = join(homedir(), 'kb', 'product-research'); L213: const lintOutput = execSync(`npx kb-skills lint --dir "${kbDir}"`, { L214: encoding: 'utf-8',
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/commands/project.jsView on unpkg · L212
dist/utils/config.test.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @optima-chat/scout-cli@0.23.0 matchedIdentity = npm:QG9wdGltYS1jaGF0L3Njb3V0LWNsaQ:0.23.0 similarity = 0.933 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/utils/config.test.jsView on unpkg

Findings

1 Critical3 High3 Medium4 Low
CriticalPrevious Version Dangerous Deltadist/utils/config.test.js
HighChild Processdist/commands/project.js
HighShell
HighRuntime Package Installdist/commands/project.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings