registry  /  @xuda.io/ai_module  /  1.1.5634

@xuda.io/ai_module@1.1.5634

Xuda AI Module

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No install-time attack surface is established. At runtime, an explicit API call can launch Codex with approval and sandbox protections bypassed and instruct it to operate on a supplied remote host.

Static reason
One or more suspicious static signals were detected.
Trigger
Caller invokes `execute_codex_request` with a prompt and remote host or local working directory.
Impact
A compromised or insufficiently authorized caller could cause unrestricted AI-agent shell actions on the configured host.
Mechanism
User-directed Codex CLI execution with optional SSH/SCP remote administration.
Rationale
Source inspection found a real high-risk, user-invoked AI-agent execution capability and a shipped credential file, but no concrete malicious installation or autonomous attack chain. Downgrade to warn for dangerous capability exposure rather than block as malware.
Evidence
package.jsonindex.mjsgpt.mjs.envtests/execute-codex-request.mjs
Network endpoints1
oauth2.googleapis.com/tokeninfo

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `index.mjs` exposes `execute_codex_request`, which spawns the configured `codex` CLI.
  • `index.mjs` defaults that Codex invocation to `--dangerously-bypass-approvals-and-sandbox`.
  • The Codex prompt directs requested remote work through SSH/SCP to a caller-supplied host.
  • `.env` ships an `OPENAI_API_KEY` entry.
  • `gpt.mjs` contains an import-time delayed MCP request, but is not the package entry point.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or prepare lifecycle hook.
  • `index.mjs` has no detected writes to `.codex`, `.claude`, `.cursor`, `.npmrc`, SSH, or system persistence paths.
  • The process-spawning path is an explicitly exported runtime API, not install-time execution.
  • Observed network use includes application features such as Google token validation.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 13 file(s), 1.11 MB of source, external domains: example.com, fb.com, mcp.gotopanel.com, mcp.xuda.dev, www.w3.org, www.youtube.com, xuda.ai

Source & flagged code

5 flagged · loading source
1patternName = blocked_file severity = critical matchedText = .env redactedSecretContext = secretLikeLines = 1 L1: OPENAI_API_KEY=<redacted:56 token-like>
Critical
Critical Secret

Package contains a critical-looking secret pattern.

.envView on unpkg · L1
index_ms.mjsView file
8L9: const { MessageBroker } = await import(path.join(process.env.XUDA_HOME, 'common', 'ms_broker.mjs')); L10:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

index_ms.mjsView on unpkg · L8
index.mjsView file
6import { pathToFileURL } from 'node:url'; L7: import { spawn } from 'node:child_process'; L8: ... L33: return new Promise((resolve, reject) => { L34: const { onStdout, onStderr, ...spawn_options } = options; L35: const child = spawn(command, args, { ... L64: if (input) { L65: child.stdin.write(input); L66: } ... L109: try { L110: events.push(JSON.parse(line)); L111: } catch (err) {
Low
Weak Crypto

Package source references weak cryptographic algorithms.

index.mjsView on unpkg · L6
build_boaz_wiki.pyView file
path = build_boaz_wiki.py kind = build_helper sizeBytes = 14922 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

build_boaz_wiki.pyView on unpkg
.sitework/boaz-wiki/assets/favicon.icoView file
path = .sitework/boaz-wiki/assets/favicon.ico kind = high_entropy_blob sizeBytes = 151835 magicHex = [redacted]
High
Ships High Entropy Blob

Package ships high-entropy non-source blobs.

.sitework/boaz-wiki/assets/favicon.icoView on unpkg

Findings

1 Critical1 High5 Medium6 Low
CriticalCritical Secret.env
HighShips High Entropy Blob.sitework/boaz-wiki/assets/favicon.ico
MediumDynamic Requireindex_ms.mjs
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperbuild_boaz_wiki.py
MediumStructural Risk Force Deep Review
LowScripts Present
LowWeak Cryptoindex.mjs
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings