registry  /  aicall-cli-x  /  0.0.3

aicall-cli-x@0.0.3

AI 外呼 CLI

AI Security Review

scanned 12d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package is an obfuscated AI outbound-call CLI whose risky behavior is user-invoked API calls, local config storage, and optional localcrm tagging.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the aicall CLI commands, especially init or call.
Impact
User-provided token, umId, salesperson name, phone numbers, and call metadata are used for the advertised outbound-call workflow.
Mechanism
CLI config storage, fetch requests to AI outbound API, and localcrm subprocess tagging helper
Rationale
Static inspection found strong obfuscation and anti-debugging, but the readable bundled source and targeted searches show package-aligned CLI behavior rather than concrete malware. The scanner’s obfuscation findings are real but do not by themselves establish exfiltration, install-time execution, persistence, or destructive behavior.
Evidence
package.jsonbin/aicall.jsdist/bundle.cjsdist/bundle-og.cjsdist/bundle-no-debug.cjs~/.aicallrc/config.json
Network endpoints5
cfs-ms.pa18.comcfs-ms.pa18.com/gw_ms/phsp-tool/ai-call/synCallList?token=<token>cfs-ms.pa18.com/gw_ms/phsp-tool/ai-call/queryAiOutboundInfo?token=<token>cfs-ms.pa18.com/gw_ms/phsp-tool/ai-call/queryAsr?token=<token>cfs-ms.pa18.com/gw_ms/phsp-tool/ai-call/getTokenQuota?token=<token>

Decision evidence

public snapshot
AI called this Clean at 78.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • dist/bundle.cjs is heavily obfuscated and includes anti-debug/process-exit logic when argv or NODE_OPTIONS mention inspect/debug.
  • dist/bundle-og.cjs has user-invoked execSync calls to localcrm commands during unsupported-phone tagging.
  • dist/bundle-og.cjs writes user-provided credentials to ~/.aicallrc/config.json on aicall init.
Evidence against
  • package.json has no preinstall/install/postinstall lifecycle hooks; bin entrypoint only loads dist/bundle.cjs.
  • Readable bundle shows package-aligned CLI commands: init, call, status, asr, daylimit, help.
  • Network use is limited to configured AI outbound API paths under DEFAULT_HOST https://cfs-ms.pa18.com unless user overrides host.
  • No source evidence of import-time harvesting, hidden exfiltration endpoint, destructive behavior, persistence, or AI-agent control-surface writes.
Behavioral surface
Source
ChildProcessDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
Manifest
NoLicense
scanned 8 file(s), 1.89 MB of source, external domains: cfs-ms.pa18.com

Source & flagged code

3 flagged · loading source
bin/aicall.jsView file
18if (existsSync(distBundle)) { L19: const require = createRequire(import.meta.url); L20: require(distBundle);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/aicall.jsView on unpkg · L18
dist/bundle-no-debug.cjsView file
1#!/usr/bin/env node L2: (function(R,z){function qt(R,z,K,p,E){return m(z- -0x80,R);}function qW(R,z,K,p,E){return d(R- -0x9d,E);}function qe(R,z,K,p,E){return m(z-0x99,K);}function qc(R,z,K,p,E){return m(...
High
Obfuscated Payload Loader

Source contains an obfuscator-style string-array loader that reconstructs and executes hidden code.

dist/bundle-no-debug.cjsView on unpkg · L1
dist/bundle-og.cjsView file
matchType = previous_version_dangerous_delta matchedPackage = aicall-cli-x@0.0.2 matchedIdentity = npm:YWljYWxsLWNsaS14:0.0.2 similarity = 0.500 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/bundle-og.cjsView on unpkg

Findings

1 Critical1 High3 Medium5 Low
CriticalPrevious Version Dangerous Deltadist/bundle-og.cjs
HighObfuscated Payload Loaderdist/bundle-no-debug.cjs
MediumDynamic Requirebin/aicall.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings
LowNo License