registry  /  @zenith-open/zenithcms-core  /  1.0.0-beta.8

@zenith-open/zenithcms-core@1.0.0-beta.8

⚠ Under review

Zenith CMS — headless engine with REST, GraphQL, and AI tools

AI Security Review

scanned 5h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Suspicious primitives are CMS-aligned runtime/admin features rather than install-time or import-time behavior.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User-invoked CMS server, CLI, admin onboarding, or workflow actions
Impact
No evidence of unconsented code execution, credential harvesting, exfiltration, persistence, or agent control hijack
Mechanism
Package-aligned CMS plugin installation, workflow execution, webhooks, and AI provider calls
Rationale
Static inspection found no lifecycle hooks, hidden install/import execution, broad agent-surface mutation, persistence, or hardcoded exfiltration; the risky APIs are exposed as documented CMS runtime/admin capabilities. The package should not be blocked as malicious based on scanner hints alone.
Evidence
package.jsondist/packages/core/src/index.jsdist/packages/core/src/cli/index.jsdist/packages/core/src/api/system.jsdist/packages/core/src/services/flow-engine.jsdist/packages/core/src/database/adapters/AotBridge.jsdist/packages/core/src/api/auth/sso.js

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle scripts
    • Main entry dist/packages/core/src/index.js exports CMS engine and imports local registry; server/listeners start only when ZenithEngine.start is called
    • dist/packages/core/src/cli/index.js pnpm add is an explicit interactive `zenithcms plugins` command choosing official plugins
    • dist/packages/core/src/api/system.js execSync runs a package template setup script after authenticated admin onboarding, not at install/import time
    • dist/packages/core/src/services/flow-engine.js vm/fetch behavior is a CMS workflow feature using stored flow nodes, not hidden package execution
    • No Claude/Codex/Cursor/MCP control-surface writes or persistence files found
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkWebSocket
    Supply chain
    HighEntropyStringsUrlStrings
    Manifest
    NoLicense
    scanned 416 file(s), 2.25 MB of source, external domains: accounts.google.com, api.anthropic.com, api.cohere.com, api.github.com, api.groq.com, api.mistral.ai, api.openai.com, api.together.xyz, api.x.ai, dummy-test-file-url-12345.public.blob.vercel-storage.com, fonts.googleapis.com, fonts.gstatic.com, generativelanguage.googleapis.com, github.com, integrate.api.nvidia.com, oauth2.googleapis.com, openrouter.ai, production.zenithcms.internal, storage.googleapis.com, www.googleapis.com, www.paypal.com, zenithcms.com

    Source & flagged code

    7 flagged · loading source
    dist/packages/core/src/api/auth/sso.jsView file
    36patternName = generic_password severity = medium line = 36 matchedText = password...nt',
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/packages/core/src/api/auth/sso.jsView on unpkg · L36
    dist/cli/index.jsView file
    237const prompts = require('prompts'); L238: const { execSync } = require('child_process'); L239: console.log('\n======================================');
    High
    Child Process

    Package source references child process execution.

    dist/cli/index.jsView on unpkg · L237
    dist/database/adapters/AotBridge.jsView file
    30try { L31: // Convert absolute Windows paths to file:// URLs for ESM import() compatibility L32: const fileUrl = pathToFileURL(fileToLoad).href;
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/database/adapters/AotBridge.jsView on unpkg · L30
    dist/packages/core/src/services/flow-engine.jsView file
    121status: 'running', L122: context: { payload, env: process.env }, L123: completedNodes: {}, ... L321: else { L322: const headers = config.headers ? JSON.parse(config.headers) : {}; L323: const body = config.body ? JSON.parse(config.body) : context.payload || context; L324: const method = config.method || 'POST'; L325: const res = await fetch(config.url, { L326: method, L327: headers: { 'Content-Type': 'application/json', ...headers }, L328: body: method !== 'GET' ? JSON.stringify(body) : undefined L329: });
    Medium
    Unsafe Vm Context

    Package source executes code through a VM context API.

    dist/packages/core/src/services/flow-engine.jsView on unpkg · L121
    dist/packages/core/src/api/system.jsView file
    1211try { L1212: execSync(`npx tsx ${scriptPath}`, { stdio: 'inherit' }); L1213: }
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    dist/packages/core/src/api/system.jsView on unpkg · L1211
    dist/packages/core/src/index.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @zenith-open/zenithcms-core@1.0.0-beta.7 matchedIdentity = npm:[redacted]:1.0.0-beta.7 similarity = 0.858 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/packages/core/src/index.jsView on unpkg
    dist/api/auth/sso.jsView file
    36patternName = generic_password severity = medium line = 36 matchedText = password...nt',
    Medium
    Secret Pattern

    Hardcoded password in dist/api/auth/sso.js

    dist/api/auth/sso.jsView on unpkg · L36

    Findings

    1 Critical2 High7 Medium5 Low
    CriticalPrevious Version Dangerous Deltadist/packages/core/src/index.js
    HighChild Processdist/cli/index.js
    HighRuntime Package Installdist/packages/core/src/api/system.js
    MediumSecret Patterndist/packages/core/src/api/auth/sso.js
    MediumDynamic Requiredist/database/adapters/AotBridge.js
    MediumUnsafe Vm Contextdist/packages/core/src/services/flow-engine.js
    MediumNetwork
    MediumEnvironment Vars
    MediumStructural Risk Force Deep Review
    MediumSecret Patterndist/api/auth/sso.js
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings
    LowNo License