registry  /  @wujie-shell/create  /  1.0.6

@wujie-shell/create@1.0.6

AI Security Review

scanned 18h ago · by lpm-firewall-ai

No confirmed unconsented install-time or import-time attack surface was established. The package is a user-invoked project scaffold; its generated development launcher starts local tooling and polls localhost only.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Explicit `create-shell-app` invocation or a generated project's explicit development command
Impact
Writes the selected scaffold target only when explicitly invoked; no confirmed exfiltration, persistence, or remote payload execution
Mechanism
Copies/scaffolds templates and launches local development tools
Rationale
Despite obfuscated distributed scaffold code, direct inspection found no lifecycle execution or concrete malicious chain. The suspicious primitives are consistent with an explicitly invoked project generator and generated local Electron development tooling.
Evidence
package.jsonbin/create-shell-app.mjsdist/src/scaffold.mjsdist/bundled-templates/templates/_base/scripts/dev.mjsdist/bundled-templates/templates/_base/scripts/package.mjsdist/bundled-templates/templates/_base/package.jsondist/bundled-templates/templates/_base/electron/main.mjsdist/bundled-templates/templates/_base/_env

Decision evidence

public snapshot
AI called this Clean at 83.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • `dist/src/scaffold.mjs` is obfuscated, reducing auditability.
  • The CLI accepts user-supplied `--template-repo`, so explicit scaffolding can use a remote template source.
Evidence against
  • `package.json` has no preinstall/install/postinstall/prepare lifecycle hook.
  • `bin/create-shell-app.mjs` runs only when the user invokes `create-shell-app`.
  • The readable CLI only parses options and calls scaffold/copy/upgrade functions.
  • `dev.mjs` uses local `127.0.0.1` polling and explicit `pnpm`/Electron development commands.
  • No inspected code uses eval/vm, credential harvesting, persistence, or foreign AI-agent config mutation.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
Manifest
NoLicense
scanned 52 file(s), 246 KB of source, external domains: 127.0.0.1

Source & flagged code

6 flagged · loading source
bin/create-shell-app.mjsView file
9upgradeShellDependencies, L10: } = await import( L11: existsSync(new URL('../dist/src/scaffold.mjs', import.meta.url))
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/create-shell-app.mjsView on unpkg · L9
dist/bin/create-shell-app.mjsView file
1#!/usr/bin/env node L2: const _0x3a2351=_0x5e7c;(function(_0x39c037,_0x212b5f){const _0x57dbfe=_0x5e7c,_0x75f04e=_0x39c037();while(!![]){try{const _0x3f7534=-parseInt(_0x57dbfe(0xac))/0x1*(parseInt(_0x57d...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/bin/create-shell-app.mjsView on unpkg · L1
dist/bundled-templates/templates/photo-sorter/skills/photo-face-sorter/scripts/query_photos.pyView file
path = dist/bundled-templates/templates/photo-sorter/skills/photo-face-sorter/scripts/query_photos.py kind = build_helper sizeBytes = 6088 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

dist/bundled-templates/templates/photo-sorter/skills/photo-face-sorter/scripts/query_photos.pyView on unpkg
dist/bundled-templates/templates/_base/build/icons/icon.icnsView file
path = dist/bundled-templates/templates/_base/build/icons/icon.icns kind = high_entropy_blob sizeBytes = 181917 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

dist/bundled-templates/templates/_base/build/icons/icon.icnsView on unpkg
dist/bundled-templates/templates/_base/scripts/dev.mjsView file
matchType = previous_version_dangerous_delta matchedPackage = @wujie-shell/create@1.0.5 matchedIdentity = npm:QHd1amllLXNoZWxsL2NyZWF0ZQ:1.0.5 similarity = 0.942 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/bundled-templates/templates/_base/scripts/dev.mjsView on unpkg
dist/docs/wujie-ai-business.mdView file
174patternName = generic_password severity = medium line = 174 matchedText = password...rd',
Medium
Secret Pattern

Hardcoded password in dist/docs/wujie-ai-business.md

dist/docs/wujie-ai-business.mdView on unpkg · L174

Findings

1 Critical3 High6 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/bundled-templates/templates/_base/scripts/dev.mjs
HighObfuscated Payload Loaderdist/bin/create-shell-app.mjs
HighObfuscated
HighShips High Entropy Blobdist/bundled-templates/templates/_base/build/icons/icon.icns
MediumDynamic Requirebin/create-shell-app.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdist/bundled-templates/templates/photo-sorter/skills/photo-face-sorter/scripts/query_photos.py
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/docs/wujie-ai-business.md
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License