registry  /  @remotekit/client  /  0.25.2

@remotekit/client@0.25.2

RemoteKit 客户端 SDK(被管理端)

AI Security Review

scanned 2h ago · by lpm-firewall-ai

The SDK can connect to an integrator-configured Socket.IO server and dispatch commands. Optional helpers can execute shell commands or dynamically evaluate plugin source, creating a remote-code-execution capability when enabled by the consumer.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer creates and starts RemoteKitClient, then enables/registers shell or dynamic-plugin functionality.
Impact
A configured management server could run commands, manage processes, access permitted files, or capture screens on the host.
Mechanism
Authenticated remote command dispatch with optional shell execution and dynamic plugin evaluation.
Rationale
Source inspection shows an opt-in remote-management SDK with concrete RCE-capable features, but no autonomous execution, lifecycle hook, credential harvesting, or undisclosed exfiltration. Warn for dangerous dual-use capability rather than block as malicious.
Evidence
package.jsondist/index.cjs

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.cjs` PluginLoader executes `plugin.code` with `new Function` when `allowDynamic` is enabled.
  • `dist/index.cjs` exposes `shell:exec`, which runs supplied commands via `child_process.exec` when explicitly enabled.
  • `dist/index.cjs` includes remote-facing process kill/restart, file, system, and screen-capture handler factories.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or executable bin hook.
  • Importing `dist/index.cjs` only defines exports; network connection starts only after `RemoteKitClient.start()`.
  • Socket endpoint and authentication token are caller-supplied; no hard-coded external command-and-control host was found.
  • Dynamic plugins and shell execution are disabled unless the integrator opts in and registers/uses them.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemShellWebSocket
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 5 file(s), 213 KB of source

Source & flagged code

4 flagged · loading source
dist/index.jsView file
147import os from "os"; L148: import { execSync } from "child_process"; L149: function createSystemHandlers() {
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L147
57Cross-file remote execution chain: dist/index.js spawns dist/chunk-K2EJONCQ.js; helper contains network access plus dynamic code execution. L57: try { L58: chunk = zlib.gunzipSync(params.data); L59: } catch { ... L110: const compressed = zlib.gzipSync(chunk); L111: return { data: compressed }; L112: } ... L147: import os from "os"; L148: import { execSync } from "child_process"; L149: function createSystemHandlers() { ... L162: arch: os.arch(), L163: hostname: os.hostname(), L164: uptime: os.uptime(),
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L57
778try { L779: const fn = new Function("exports", plugin.code); L780: const exports = {};
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/index.jsView on unpkg · L778
dist/chunk-K2EJONCQ.jsView file
221generateDeviceId() { L222: const hostname = __require("os").hostname(); L223: const raw = `${process.pid}:${hostname}:${Date.now()}`;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/chunk-K2EJONCQ.jsView on unpkg · L221

Findings

3 High2 Medium4 Low
HighChild Processdist/index.js
HighShell
HighCross File Remote Execution Contextdist/index.js
MediumDynamic Requiredist/chunk-K2EJONCQ.js
MediumEnvironment Vars
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings