AI Security Review
scanned 3h ago · by lpm-firewall-aiUser invocation of `aicall` loads an obfuscated bundle that stores supplied service credentials locally and contacts outbound-call APIs. The bundle also shells out to a local `localcrm` CLI.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs the `aicall` executable and supplies configuration or call-management arguments.
Impact
Local credentials are retained in plaintext configuration; shell command construction warrants warning-level review risk, but no concrete malicious payload or unconsented install-time action is established.
Mechanism
Obfuscated outbound-call client with credential persistence and shell-based CRM integration.
Rationale
No source-grounded malware chain or install-time attack was found, so a block is not justified. Obfuscation, anti-analysis behavior, plaintext credential storage, and shell CRM invocation leave material unresolved security risk.
Evidence
package.jsonbin/aicall.jsdist/bundle.cjs~/.aicallrc/config.json~/.aicallrc/phone-cache.json
Network endpoints2
cfs-ms.pa18.comcallbot.duofangtongxin.com
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
- `dist/bundle.cjs` is heavily obfuscated and exits when inspection/debug flags are present.
- `dist/bundle.cjs` persists ticket, platform username, and password in `~/.aicallrc/config.json`.
- `dist/bundle.cjs` invokes shell commands through `child_process.execSync` for `localcrm` operations.
- The obfuscated CLI can initiate outbound-call workflows and transmit configured credentials to service APIs.
Evidence against
- `package.json` defines no preinstall, install, postinstall, or prepare lifecycle hook.
- `bin/aicall.js` only loads the package-owned bundle when the user runs `aicall`.
- No eval, Function constructor, remote code loader, agent-control-surface write, or foreign persistence was found.
- Observed network hosts and local config storage are consistent with the advertised outbound-call CLI.
Behavioral surface
DynamicRequireFilesystem
HighEntropyStringsMinifiedProtestware
NoLicense
Source & flagged code
2 flagged · loading sourcebin/aicall.jsView file
18if (existsSync(distBundle)) {
L19: const require = createRequire(import.meta.url);
L20: require(distBundle);
Medium
Dynamic Require
Package source references dynamic require/import behavior.
bin/aicall.jsView on unpkg · L18dist/bundle.cjsView file
1#!/usr/bin/env node
L2: (function(){try{var rwUsejU=typeof process!=='undefined'&&process;if(rwUsejU&&(rwUsejU.argv.join(' ').match(/inspect|debug|--dev/)||(rwUsejU.env.NODE_OPTIONS||'').match(/inspect|de...
High
Obfuscated Payload Loader
Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.
dist/bundle.cjsView on unpkg · L1Findings
1 High3 Medium4 Low
HighObfuscated Payload Loaderdist/bundle.cjs
MediumDynamic Requirebin/aicall.js
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License