registry  /  aicall-cli-x  /  0.0.13

aicall-cli-x@0.0.13

AI 外呼 CLI

AI Security Review

scanned 3h ago · by lpm-firewall-ai

User invocation of `aicall` loads an obfuscated bundle that stores supplied service credentials locally and contacts outbound-call APIs. The bundle also shells out to a local `localcrm` CLI.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `aicall` executable and supplies configuration or call-management arguments.
Impact
Local credentials are retained in plaintext configuration; shell command construction warrants warning-level review risk, but no concrete malicious payload or unconsented install-time action is established.
Mechanism
Obfuscated outbound-call client with credential persistence and shell-based CRM integration.
Rationale
No source-grounded malware chain or install-time attack was found, so a block is not justified. Obfuscation, anti-analysis behavior, plaintext credential storage, and shell CRM invocation leave material unresolved security risk.
Evidence
package.jsonbin/aicall.jsdist/bundle.cjs~/.aicallrc/config.json~/.aicallrc/phone-cache.json
Network endpoints2
cfs-ms.pa18.comcallbot.duofangtongxin.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
  • `dist/bundle.cjs` is heavily obfuscated and exits when inspection/debug flags are present.
  • `dist/bundle.cjs` persists ticket, platform username, and password in `~/.aicallrc/config.json`.
  • `dist/bundle.cjs` invokes shell commands through `child_process.execSync` for `localcrm` operations.
  • The obfuscated CLI can initiate outbound-call workflows and transmit configured credentials to service APIs.
Evidence against
  • `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
  • `bin/aicall.js` only loads the package-owned bundle when the user runs `aicall`.
  • No eval, Function constructor, remote code loader, agent-control-surface write, or foreign persistence was found.
  • Observed network hosts and local config storage are consistent with the advertised outbound-call CLI.
Behavioral surface
Source
DynamicRequireFilesystem
Supply chain
HighEntropyStringsMinifiedProtestware
Manifest
NoLicense
scanned 2 file(s), 357 KB of source

Source & flagged code

2 flagged · loading source
bin/aicall.jsView file
18if (existsSync(distBundle)) { L19: const require = createRequire(import.meta.url); L20: require(distBundle);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/aicall.jsView on unpkg · L18
dist/bundle.cjsView file
1#!/usr/bin/env node L2: (function(){try{var rwUsejU=typeof process!=='undefined'&&process;if(rwUsejU&&(rwUsejU.argv.join(' ').match(/inspect|debug|--dev/)||(rwUsejU.env.NODE_OPTIONS||'').match(/inspect|de...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/bundle.cjsView on unpkg · L1

Findings

1 High3 Medium4 Low
HighObfuscated Payload Loaderdist/bundle.cjs
MediumDynamic Requirebin/aicall.js
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License