
@seqyuan/annodex@0.1.108

AI-native bioinformatics workspace by Annoroad

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is a CLI/web UI that starts local services, manages annodex state, and optionally bridges configured WeCom IM projects.

Static reason
No blocking static signals were detected.
Trigger
User invokes annodex CLI commands or starts the managed server.
Impact
Expected local config writes, process spawning/stopping for annodex-owned services, and configured network calls.
Mechanism
local service orchestration with optional IM/MCP integrations
Rationale
Source inspection found powerful runtime features, but they are user-invoked/package-aligned and not triggered by npm install or import. No unconsented agent control-surface mutation, exfiltration, remote payload loading, or stealth persistence was found.
Evidence
package.json
bin/annodex.js
bin/annodex-memory-mcp.js
bin/annodex-im-gateway.js
bin/annodex-kernel-exec.py
lib/app-settings.js
lib/macos-codex-security.js
lib/im-media.js
~/.config/annodex/annodex.json
~/.config/annodex/web-auth.json
~/.config/annodex/settings.json
~/.config/annodex/im-gateway.json
~/.config/annodex/SOUL.md
~/.config/annodex/HARNESS.md
Network endpoints (4)
localhost:30121
127.0.0.1:<port>
registry.npmjs.org/@seqyuan%2Fannodex/latest
wss://openws.work.weixin.qq.com

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • bin/annodex.js can spawn Next/Codex processes and stop matching annodex-owned PIDs on explicit CLI use.
  • lib/macos-codex-security.js can clear xattrs or ad-hoc sign Codex binaries during explicit doctor/repair or runtime preparation.
  • bin/annodex-im-gateway.js connects to WeCom and reads configured bot secrets for the IM bridge.
Evidence against
  • package.json has no preinstall/install/postinstall hooks; only prepublishOnly pack check.
  • bin/annodex.js starts a local web UI and writes annodex-owned state/auth files under ~/.config/annodex.
  • Network use is package-aligned: local annodex APIs, npm registry version check, and configured WeCom gateway.
  • No credential harvesting or broad filesystem exfiltration found; secrets are used for local auth or configured IM bot operation.
  • bin/annodex-memory-mcp.js only proxies MCP tool calls to the local annodex server.
  • High-entropy blob is a woff2/font/static asset, not executable payload evidence.
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, Shell, WebSocket
Supply chain
HighEntropyStrings, MinifiedObfuscated, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 9 file(s), 1.36 MB of source, external domains: registry.npmjs.org, www.w3.org

Source & flagged code

4 flagged
bin/annodex.js
L6: // eslint-disable-next-line @typescript-eslint/no-require-imports
L7: const { spawn, spawnSync } = require("child_process");
L8: // eslint-disable-next-line @typescript-eslint/no-require-imports
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/annodex.js · L6
bin/annodex-im-gateway.js
L4: const fs = require("fs");
L5: const http = require("http");
L6: const https = require("https");
...
L25: for (const name of names) {
L26: const value = process.env[name];
L27: if (value !== undefined && value !== "") return value;
...
L32: function getAgentDir() {
L33: return envFirst("ANNODEX_CONFIG_DIR", "ANNOVIBE_CONFIG_DIR") ?? path.join(os.homedir(), ".config", "annodex");
L34: }
...
L56: try {
L57: return JSON.parse(fs.readFileSync(statePath, "utf8"));
L58: } catch {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

bin/annodex-im-gateway.js · L4
bin/annodex-kernel-exec.py
path = bin/annodex-kernel-exec.py
kind = build_helper
sizeBytes = 4449
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

bin/annodex-kernel-exec.py
.next/static/media/7deddc85b7ffd1dc-s.p.woff2
path = .[redacted]-s.p.woff2
kind = high_entropy_blob
sizeBytes = 18568
magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

.next/static/media/7deddc85b7ffd1dc-s.p.woff2

Findings

1 High · 5 Medium · 7 Low
High · Ships High Entropy Blob · .next/static/media/7deddc85b7ffd1dc-s.p.woff2
Medium · Dynamic Require · bin/annodex.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · bin/annodex-kernel-exec.py
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Weak Crypto · bin/annodex-im-gateway.js
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings