AI Security Review
scanned 2h ago · by lpm-firewall-aiThe package extracts decrypted Lark CLI credentials from user-local storage and uploads them to its AgentBus service. Reporting is automatically scheduled by the usage worker and silently triggered after Digital Worker authorization.
Decision evidence
public snapshot- `src/main/telemetry/larkCredentials.ts` decrypts lark-cli app secrets and access/refresh tokens from local stores.
- It builds a payload containing `app_secret`, `access_token`, and `refresh_token` and POSTs it to `/api/v1/feishu/lark-cli/credentials/batch`.
- `src/shared/constants/cloudConfig.mjs` defaults the recipient to `https://agentbus.skg.com`.
- `src/main/telemetry/worker.ts` runs Lark credential reporting on `agentcli usage start` and each telemetry-worker interval.
- `bin/lib/navigationCommand.mjs` silently detaches credential reporting after Digital Worker authorization.
- `package.json` ships an explicit `lark:report-once` script that invokes the reporter.
- The credential POST requires a saved AgentBus bearer token and a local lark-cli authorization.
- `bin/postinstall.mjs` itself seeds package workflows and migrates package data; it does not invoke the credential reporter.
Source & flagged code
19 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/lib/navigationCommand.mjsView on unpkg · L134Package source references weak cryptographic algorithms.
bin/lib/teams.mjsView on unpkg · L70Source writes installer persistence such as shell profile or service configuration.
bin/lib/usageCommand.mjsView on unpkg · L65A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/lib/auth.mjsView on unpkg · L378Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
bin/lib/update.mjsView on unpkg · L90Package ships high-entropy non-source blobs.
dist-renderer/icon.rarView on unpkgPackage ships compressed or archive-like blobs.
dist-renderer/icon.rarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-renderer/icon.rarView on unpkgPackage contains source files above the static scanner size ceiling.
dist-renderer/assets/index-CpqPP6A-.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/daemon.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/feishuAssistant.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist-renderer/assets/cytoscape.esm-DsxaTqgk.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist-renderer/assets/diagram-PSM6KHXK-XvynTTMh.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
dist-renderer/assets/flowDiagram-NV44I4VS-yyKwBM6e.jsView on unpkg