@zenith-open/zenithcms-core@1.0.0-beta.6

Zenith CMS — headless engine with REST, GraphQL, and AI tools

AI Security Review

scanned 12h ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. Risky primitives are CMS features gated by runtime server use, authenticated admin actions, or explicit CLI commands.

Static reason
One or more suspicious static signals were detected; previous stored version diff introduced dangerous source
Trigger
Runtime CMS/admin actions or explicit zenithcms CLI invocation
Impact
No evidence of unconsented credential harvesting, exfiltration, persistence, or lifecycle control-surface mutation
Mechanism
Package-aligned CMS automation, plugin install, template setup, and provider API integrations
Rationale
Static inspection found no lifecycle hook or import-time malicious behavior; the flagged child_process, VM, dynamic import, and network usage are tied to documented CMS/server/admin/CLI functionality. The flow VM is a powerful user-configured feature but does not by itself show package-authored malware or unconsented execution.
Evidence
  • package.json
  • dist/packages/core/src/index.js
  • dist/packages/core/src/api/system.js
  • dist/packages/core/src/cli/index.js
  • dist/packages/core/src/services/flow-engine.js
  • dist/packages/db-mongodb/src/MongooseAdapter.js
  • cms.config.ts
  • ./backups
  • dist/templates/<projectType>/backend/setup.ts
Network endpoints (5)
  • api.openai.com/v1/embeddings
  • openrouter.ai/api/v1/embeddings
  • api.github.com/user
  • api.openai.com/v1/chat/completions
  • api.anthropic.com/v1/messages

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with low false-positive risk.
Evidence for block
  • dist/packages/core/src/services/flow-engine.js exposes admin/user-configured flow steps that can run vm code with process.env in sandbox
  • dist/packages/core/src/api/system.js can run npx tsx for built-in onboarding template setup after authenticated admin onboarding
  • dist/packages/core/src/cli/index.js has an explicitly invoked interactive plugin installer that runs pnpm add on fixed official choices
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks
  • Main entry dist/packages/core/src/index.js initializes an Express CMS engine, not import-time exfiltration or persistence
  • Network calls are package-aligned CMS/AI/OAuth/storage/webhook integrations and require runtime configuration or user actions
  • No writes to foreign AI-agent control surfaces, shell startup files, VCS hooks, or OS autostart entries found
  • Scanner dynamic require and child_process findings are user/admin-invoked CMS operations, not silent install-time behavior
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Filesystem, Network, WebSocket
Supply chain
HighEntropyStrings, UrlStrings
Manifest
NoLicense
scanned 413 file(s), 2.25 MB of source, external domains: accounts.google.com, api.anthropic.com, api.cohere.com, api.github.com, api.groq.com, api.mistral.ai, api.openai.com, api.together.xyz, api.x.ai, dummy-test-file-url-12345.public.blob.vercel-storage.com, fonts.googleapis.com, fonts.gstatic.com, generativelanguage.googleapis.com, github.com, integrate.api.nvidia.com, oauth2.googleapis.com, openrouter.ai, production.zenithcms.internal, storage.googleapis.com, www.googleapis.com, www.paypal.com, zenithcms.com

Source & flagged code

7 flagged
dist/packages/core/src/api/auth/sso.js (line 36)
patternName = generic_password severity = medium line = 36 matchedText = password...nt',
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/cli/index.js (line 237)
L237: const prompts = require('prompts');
L238: const { execSync } = require('child_process');
L239: console.log('\n======================================');
High
Child Process

Package source references child process execution.

dist/database/adapters/AotBridge.js (line 30)
L30: try {
L31: // Convert absolute Windows paths to file:// URLs for ESM import() compatibility
L32: const fileUrl = pathToFileURL(fileToLoad).href;
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/packages/core/src/services/flow-engine.js (line 121)
L121: status: 'running',
L122: context: { payload, env: process.env },
L123: completedNodes: {},
...
L321: else {
L322: const headers = config.headers ? JSON.parse(config.headers) : {};
L323: const body = config.body ? JSON.parse(config.body) : context.payload || context;
L324: const method = config.method || 'POST';
L325: const res = await fetch(config.url, {
L326: method,
L327: headers: { 'Content-Type': 'application/json', ...headers },
L328: body: method !== 'GET' ? JSON.stringify(body) : undefined
L329: });
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

dist/packages/core/src/api/system.js (line 1211)
L1211: try {
L1212: execSync(`npx tsx ${scriptPath}`, { stdio: 'inherit' });
L1213: }
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/packages/db-mongodb/src/MongooseAdapter.js
matchType = previous_version_dangerous_delta matchedPackage = @zenith-open/zenithcms-core@1.0.0-beta.5 matchedIdentity = npm:[redacted]:1.0.0-beta.5 similarity = 0.958 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/api/auth/sso.js (line 36)
patternName = generic_password severity = medium line = 36 matchedText = password...nt',
Medium
Secret Pattern

Hardcoded password in dist/api/auth/sso.js


Findings

1 Critical · 2 High · 7 Medium · 5 Low
Critical · Previous Version Dangerous Delta · dist/packages/db-mongodb/src/MongooseAdapter.js
High · Child Process · dist/cli/index.js
High · Runtime Package Install · dist/packages/core/src/api/system.js
Medium · Secret Pattern · dist/packages/core/src/api/auth/sso.js
Medium · Dynamic Require · dist/database/adapters/AotBridge.js
Medium · Unsafe Vm Context · dist/packages/core/src/services/flow-engine.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Medium · Secret Pattern · dist/api/auth/sso.js
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings
Low · No License