
@seqyuan/annodex@0.1.101

AI-native bioinformatics workspace by Annoroad

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface by static inspection. The package is an Annodex/Codex web UI with explicit CLI commands, local config writes, optional IM gateway, and user-invoked extension/update operations.

Static reason
No blocking static signals were detected.
Trigger
User runs annodex CLI commands or starts the local web server.
Impact
Creates Annodex-owned config/state/log/auth files and may connect to configured local or package-aligned services; no unconsented install-time mutation or exfiltration found.
Mechanism
Package-aligned local server, config seeding, diagnostics, update, MCP memory, and IM gateway functionality.
Rationale
The risky primitives are activated by explicit Annodex commands or its local web app and are aligned with the package purpose; no lifecycle hook, stealth persistence, credential sweep, or remote payload execution chain was found. Package-owned AI-agent context seeding occurs only at runtime under ~/.config/annodex, not through unconsented npm install hooks.
Evidence
  • package.json
  • bin/annodex.js
  • bin/annodex-memory-mcp.js
  • bin/annodex-im-gateway.js
  • bin/annodex-kernel-exec.py
  • lib/app-settings.js
  • lib/macos-codex-security.js
  • lib/im-media.js
  • lib/im-cancel.js
  • .next/server/app/api/skills/search/route.js
  • .next/server/app/api/skills/install/route.js
  • ~/.config/annodex/settings.json
  • ~/.config/annodex/web-auth.json
  • ~/.config/annodex/annodex.json
  • ~/.config/annodex/annodex.log
  • ~/.config/annodex/im-gateway.json
  • ~/.config/annodex/SOUL.md
  • ~/.config/annodex/HARNESS.md
Network endpoints (5)
  • localhost:30121
  • 127.0.0.1:30121
  • registry.npmjs.org/@seqyuan%2Fannodex/latest
  • wss://openws.work.weixin.qq.com
  • skills.sh

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • User-invoked runtime seeds ~/.config/annodex/SOUL.md and HARNESS.md in bin/annodex.js.
  • User-invoked doctor/repair can alter @openai/codex macOS xattrs/signature in lib/macos-codex-security.js.
Evidence against
  • package.json has no preinstall/install/postinstall hook; only prepublishOnly.
  • bin/annodex.js starts a local Next server and writes package-owned state/auth/log files under ~/.config/annodex.
  • Network use is package-aligned: localhost runtime, npm registry update check, WeCom gateway, skills search/install APIs.
  • Process termination is scoped to Annodex-like pids/ports after command-line verification.
  • No credential harvesting or arbitrary exfiltration found in reviewed entrypoints and helper libs.
  • Bundled high-entropy assets are fonts/pdf/thebe build artifacts, not staged payload launchers.
Behavioral surface
Source
Child Process, Crypto, Dynamic Require, Environment Vars, Filesystem, Network, Shell, WebSocket
Supply chain
High Entropy Strings, Minified, Obfuscated, Url Strings
Manifest
No manifest risk signals triggered.
scanned 9 file(s), 1.36 MB of source, external domains: registry.npmjs.org, www.w3.org

Source & flagged code

4 flagged
bin/annodex.js
L6: // eslint-disable-next-line @typescript-eslint/no-require-imports
L7: const { spawn, spawnSync } = require("child_process");
L8: // eslint-disable-next-line @typescript-eslint/no-require-imports
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/annodex.js · L6
bin/annodex-im-gateway.js
L4: const fs = require("fs");
L5: const http = require("http");
L6: const https = require("https");
...
L25: for (const name of names) {
L26: const value = process.env[name];
L27: if (value !== undefined && value !== "") return value;
...
L32: function getAgentDir() {
L33: return envFirst("ANNODEX_CONFIG_DIR", "ANNOVIBE_CONFIG_DIR") ?? path.join(os.homedir(), ".config", "annodex");
L34: }
...
L56: try {
L57: return JSON.parse(fs.readFileSync(statePath, "utf8"));
L58: } catch {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/annodex-im-gateway.js · L4
bin/annodex-kernel-exec.py
path = bin/annodex-kernel-exec.py
kind = build_helper
sizeBytes = 4464
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/annodex-kernel-exec.py
.next/static/media/7deddc85b7ffd1dc-s.p.woff2
path = .[redacted]-s.p.woff2
kind = high_entropy_blob
sizeBytes = 18568
magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

.next/static/media/7deddc85b7ffd1dc-s.p.woff2

Findings

1 High · 5 Medium · 7 Low
  • High: Ships High Entropy Blob (.next/static/media/7deddc85b7ffd1dc-s.p.woff2)
  • Medium: Dynamic Require (bin/annodex.js)
  • Medium: Network
  • Medium: Environment Vars
  • Medium: Ships Build Helper (bin/annodex-kernel-exec.py)
  • Medium: Structural Risk Force Deep Review
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Weak Crypto (bin/annodex-im-gateway.js)
  • Low: Filesystem
  • Low: Obfuscated
  • Low: High Entropy Strings
  • Low: Url Strings