registry  /  @yearhe9900/mb-toolbox-cli  /  1.1.6

@yearhe9900/mb-toolbox-cli@1.1.6

MB ToolBox CLI - 项目创建与模板管理工具

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious install-time or import-time behavior. Real risk remains because MCP/CLI user-controlled parameters are interpolated into shell commands executed with execSync.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes mb-cli create/reinstall/update or an MCP client calls create_project/reinstall_template.
Impact
Possible command injection or unintended package/template installation in the user's environment, but no source evidence of exfiltration or stealth persistence.
Mechanism
user-invoked shell execution with insufficient argument escaping
Rationale
Source inspection shows dangerous shell execution and MCP-exposed project creation, but the behavior is package-aligned and user-invoked with no lifecycle hook, exfiltration, persistence, or AI-agent config hijack. Treat as a warning for critical command-injection risk rather than a publish block.
Evidence
package.jsonsrc/cli.jssrc/mcp-server.mjssrc/core/dotnet.jssrc/core/create.jssrc/utils/dotnet.jssrc/utils/config.jssrc/commands/update.jssrc/commands/create.jssrc/commands/reinstall.js~/.mb-cli/config.jsonos.tmpdir()/dotnet-install.ps1os.tmpdir()/dotnet-install.shproject output directory from user/MCP parameters
Network endpoints4
builds.dotnet.microsoft.com/dotnet/scripts/v1/dotnet-install.ps1builds.dotnet.microsoft.com/dotnet/scripts/v1/dotnet-install.shuser-configured NuGet source URLnpm registry via npm install -g @yearhe9900/mb-toolbox-cli@latest

Decision evidence

public snapshot
AI called this Suspicious at 82.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • src/core/dotnet.js builds shell commands with projectName/output/options and runs execSync
  • src/mcp-server.mjs exposes create_project/reinstall_template over MCP, reaching shell-backed dotnet operations
  • src/core/dotnet.js downloads and executes dotnet-install scripts from builds.dotnet.microsoft.com on user command
  • src/commands/update.js runs npm install -g @yearhe9900/mb-toolbox-cli@latest when update command is invoked
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle scripts
  • No import-time execution beyond CLI/MCP entrypoint startup
  • No credential, env, SSH, or broad filesystem harvesting found by source search
  • Network use is for Microsoft dotnet install scripts, configured NuGet source, or npm self-update
  • Config writes are limited to ~/.mb-cli/config.json for user-provided NuGet source
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 12 file(s), 42.9 KB of source, external domains: builds.dotnet.microsoft.com, dotnet.microsoft.com

Source & flagged code

6 flagged · loading source
src/core/dotnet.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @yearhe9900/mb-toolbox-cli@1.1.5 matchedIdentity = npm:[redacted]:1.1.5 similarity = 1.000 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/core/dotnet.jsView on unpkg
6L7: const { execSync } = require('child_process'); L8: const path = require('path');
High
Child Process

Package source references child process execution.

src/core/dotnet.jsView on unpkg · L6
65const scriptPath = path.join(tempDir, 'dotnet-install.ps1'); L66: const downloadCmd = `powershell -NoProfile -ExecutionPolicy Bypass -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Use... L67: execSync(downloadCmd, { encoding: 'utf8', stdio: 'pipe' });
High
Shell

Package source references shell execution.

src/core/dotnet.jsView on unpkg · L65
6L7: const { execSync } = require('child_process'); L8: const path = require('path'); ... L59: // 尝试自动安装 .NET 10 L60: const isWin = process.platform === 'win32'; L61: const tempDir = os.tmpdir(); ... L65: const scriptPath = path.join(tempDir, 'dotnet-install.ps1'); L66: const downloadCmd = `powershell -NoProfile -ExecutionPolicy Bypass -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Use... L67: execSync(downloadCmd, { encoding: 'utf8', stdio: 'pipe' }); ... L112: try { L113: const parsed = JSON.parse(searchResult); L114: const version = parsed.searchResult?.[0]?.packages?.[0]?.latestVersion;
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/core/dotnet.jsView on unpkg · L6
src/core/create.jsView file
12createProjectPure, L13: } = require('./dotnet'); L14:
Medium
Dynamic Require

Package source references dynamic require/import behavior.

src/core/create.jsView on unpkg · L12
src/commands/update.jsView file
11// 获取当前版本 L12: const currentVersion = exec('mb-cli --version'); L13: console.log(chalk.gray(`当前版本: ${currentVersion || '未知'}`)); ... L24: try { L25: // 使用 npm install -g @latest 强制更新到最新版本 L26: exec('npm install -g @yearhe9900/mb-toolbox-cli@latest', { stdio: 'inherit' });
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/commands/update.jsView on unpkg · L11

Findings

1 Critical4 High2 Medium4 Low
CriticalPrevious Version Dangerous Deltasrc/core/dotnet.js
HighChild Processsrc/core/dotnet.js
HighShellsrc/core/dotnet.js
HighSandbox Evasion Gated Capabilitysrc/core/dotnet.js
HighRuntime Package Installsrc/commands/update.js
MediumDynamic Requiresrc/core/create.js
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings