AgentCli: AI 工程协作平台,本地优先的用量采集与团队协作工具。
A successful AgentCli Lark digital-worker authorization silently triggers collection, refresh, and upload of full Lark CLI credentials. The upload includes reusable application secrets and access/refresh tokens.
Package defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage source references dynamic require/import behavior.
bin/lib/navigationCommand.mjsView on unpkg · L136Package source references weak cryptographic algorithms.
bin/lib/teams.mjsView on unpkg · L70Source writes installer persistence such as shell profile or service configuration.
bin/lib/aikey.mjsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/lib/auth.mjsView on unpkg · L378Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/auth.mjsView on unpkgInstall-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
bin/lib/update.mjsView on unpkg · L90Package ships high-entropy non-source blobs.
dist-renderer/icon.rarView on unpkgPackage ships compressed or archive-like blobs.
dist-renderer/icon.rarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-renderer/icon.rarView on unpkgPackage contains source files above the static scanner size ceiling.
dist-renderer/assets/index-C1Gc2uYo.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/hermit.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/daemon.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/usageCommand.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/feishuAssistant.mjsView on unpkgPackage defines install-time lifecycle scripts.
package.jsonView on unpkg · L42Install-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkg · L42Install-time source drops package-supplied AI-agent/MCP control files or instructions.
bin/postinstall.mjsView on unpkg · L1Package source invokes a package manager install command at runtime.
bin/lib/update.mjsView on unpkg · L90Package ships high-entropy non-source blobs.
dist-renderer/icon.rarView on unpkgPackage ships compressed or archive-like blobs.
dist-renderer/icon.rarView on unpkgPackage ships a nested archive or MCP bundle that was inventoried but not recursively analyzed.
dist-renderer/icon.rarView on unpkgPackage contains source files above the static scanner size ceiling.
dist-renderer/assets/index-C1Gc2uYo.jsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/hermit.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/daemon.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/usageCommand.mjsView on unpkgSource file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/feishuAssistant.mjsView on unpkgPackage source references dynamic require/import behavior.
bin/lib/navigationCommand.mjsView on unpkg · L136Package source references weak cryptographic algorithms.
bin/lib/teams.mjsView on unpkg · L70Source writes installer persistence such as shell profile or service configuration.
bin/lib/aikey.mjsView on unpkg · L13A single source file combines environment access, network access, and code or shell execution; review context before blocking.
bin/lib/auth.mjsView on unpkg · L378Source file is highly similar to a previously finalized malicious package; route for source-aware review.
bin/lib/auth.mjsView on unpkg