registry  /  @pm_zhousl/xinyun-ai-init  /  1.0.2

@pm_zhousl/xinyun-ai-init@1.0.2

欣芸技术开发 Agent 流初始化包

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `npx @pm_zhousl/xinyun-ai-init` and then asks an AI tool to follow the copied README.
Impact
Can establish project-local AI guidance and documentation files after the user-directed follow-up; no concrete exfiltration or remote execution chain was found.
Mechanism
Explicit user-command AI-agent workflow/configuration setup.
Rationale
No malicious execution, exfiltration, persistence, or install-time behavior was found. The package still warrants a warning under the explicit user-command AI-agent configuration policy because it seeds instructions to modify agent guidance in the target project.
Evidence
package.jsonbin/xinyun-ai-init.jsinit/xinyun-ai-init/README.mdinit/xinyun-ai-init/templates/AGENTS.template.mdscripts/publish-with-token.ps1xinyun-ai-init/AGENTS.mdxinyun-ai/

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • Explicit CLI copies an AI-workflow bundle into the caller's project.
  • Copied instructions direct an AI to create project-root `AGENTS.md` and `xinyun-ai/` files.
  • `--force` removes and replaces the caller's `xinyun-ai-init/` directory.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hook.
  • CLI has no network, shell, eval, credential-harvesting, or dynamic payload behavior.
  • Agent templates require user confirmation before business-code or configuration changes.
  • Publish helper uses an operator-provided npm token only for explicit publishing and removes temporary `.npmrc`.
Behavioral surface
Source
Filesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 1 file(s), 1.77 KB of source

Source & flagged code

1 flagged · loading source
scripts/publish-with-token.ps1View file
path = scripts/publish-with-token.ps1 kind = build_helper sizeBytes = 2651 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/publish-with-token.ps1View on unpkg

Findings

1 Medium3 Low
MediumShips Build Helperscripts/publish-with-token.ps1
LowScripts Present
LowFilesystem
LowHigh Entropy Strings