@roarpeng/graphflow@1.3.2

**A Context-Aware Multi-Agent Orchestration Engine**

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No source-grounded attack surface could be established without filesystem inspection.

Static reason: High-risk behavior combination matched malicious policy.
Trigger: unknown
Impact: unknown
Mechanism: unknown
Rationale: Filesystem inspection was not completed, so no reliable source-based verdict can be made.

Decision evidence

public snapshot
AI called this Manual Review at 10.0% confidence as Unknown with high false-positive risk.
Evidence for block
  • Inspection could not be performed in this constrained response path.
Evidence against
    Behavioral surface
    Source: ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell
    Supply chain: HighEntropyStrings, UrlStrings
    Manifest: No manifest risk signals triggered.
    scanned 126 file(s), 811 KB of source, external domains: api.anthropic.com, api.deepseek.com, api.openai.com, ark.cn-beijing.volces.com, dashscope.aliyuncs.com, huggingface.co

    Source & flagged code

    4 flagged
    package.json
    scripts.postinstall = node scripts/safe-postinstall.cjs
    High
    Install Time Lifecycle Scripts

    Package defines install-time lifecycle scripts.

    dist/core/dag-checkpoint.js
    L18: exports.computeDagId = computeDagId;
    L19: const logger_1 = require("../utils/logger");
    L20: const hash_1 = require("../utils/hash");
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/core/dag-checkpoint.js · L18
    scripts/safe-postinstall.cjs
    Install-time AI-agent control hijack evidence:
    L1: #!/usr/bin/env node
    L2: const { existsSync, mkdirSync, copyFileSync, readFileSync, writeFileSync, unlinkSync } = require("node:fs");
    L3: const { join } = require("node:path");
    ...
    L34: try {
    L35: writeFileSync(VERSION_FILE, version, "utf8");
    L36: } catch {
    ...
    L130:
    L131: mkdirSync(skillDestDir, { recursive: true });
    L132: copyFileSync(sk[redacted], skillDestFile);
    L133:
    ...
    L217: /**
    L218: * Get the CLAUDE.md source file path
    Payload evidence from dist/integrations/agent-mcp-installer.js:
    L16: exports.formatModelConfigGuide = formatModelConfigGuide;
    L17: const node_child_process_1 = require("node:child_process");
    L18: const node_fs_1 = require("node:fs");
    ...
    L21: function isWindows() {
    L22: return process.platform === "win32";
    L23: }
    ...
    L54: try {
    L55: const output = (0, node_child_process_1.execFileSync)("cmd.exe", ["/c", "echo %USERPROFILE%"], {
    L56: encoding: "utf8",
    ...
    L74: const home = (0, node_os_1.homedir)();
    L75: const appData = process.env.APPDATA ?? (isWindows() ? (0, node_path_1.join)(home, "AppData", "Roaming") : "");
    L76: const localAppData = process.env.LOCALAPPDATA ?? (isWindows() ? (0, node_path_1.join)(home, "AppData", "Loc…
    Critical
    Ai Agent Control Hijack

    Install-time source drops package-supplied AI-agent/MCP control files or instructions.

    scripts/safe-postinstall.cjs · L1
    wasm/tree-sitter-go.wasm
    path = wasm/tree-sitter-go.wasm kind = wasm_module sizeBytes = 235957 magicHex = [redacted]
    Medium
    Ships Wasm Module

    Package ships WebAssembly modules.


    Findings

    1 Critical · 1 High · 5 Medium · 5 Low
    Critical · Ai Agent Control Hijack · scripts/safe-postinstall.cjs
    High · Install Time Lifecycle Scripts · package.json
    Medium · Dynamic Require · dist/core/dag-checkpoint.js
    Medium · Network
    Medium · Environment Vars
    Medium · Ships Wasm Module · wasm/tree-sitter-go.wasm
    Medium · Structural Risk Force Deep Review
    Low · Non Install Lifecycle Scripts
    Low · Scripts Present
    Low · Filesystem
    Low · High Entropy Strings
    Low · Url Strings