AI Security Review
scanned 4d ago · by lpm-firewall-ai
No confirmed malicious attack surface. The package is a Bailian CLI runtime with user-invoked API, download, config, update-check, and workflow execution features.
Static reason
No blocking static signals were detected; previous stored version diff introduced dangerous source.
Trigger
Importing the package exposes helpers; actions occur when a consuming CLI calls createCli().run() or executePipeline().
Impact
No unconsented execution, harvesting, or exfiltration identified by static inspection.
Mechanism
package-aligned CLI runtime and workflow dispatcher
Rationale
Static inspection found risky primitives, especially user-specified workflow JavaScript execution, but they are exposed as explicit CLI/runtime features rather than install-time, import-time, or covert behavior. No concrete malicious credential theft, persistence, destructive action, or unauthorized network exfiltration was present.
Evidence
- package.json
- dist/index.mjs
- dist/index.d.mts
- dist/dist-DgvkrLd1.mjs
- dist/chunk-POvHkJ8y.mjs
- ~/.bailian/config.json
- <config-dir>/update-state.json
- user-specified download destination paths
- user-specified pipeline input paths
Network endpoints (4)
- bailian.console.aliyun.com
- bailian.console.aliyun.com/cn-beijing
- bailian.console.aliyun.com/cn-beijing/?tab=app#/api-key
- registry.npmjs.org
Decision evidence
public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/index.mjs registers workflow step script/js using Function('args', code), a user-invoked dangerous capability.
- dist/index.mjs performs runtime fetches for Bailian API calls, npm update checks, and user-requested downloads.
- dist/index.mjs writes config/update/download outputs via writeConfigFile, update-state.json, and destination paths.
Evidence against
- package.json has no install/preinstall/postinstall/prepare lifecycle hooks and no bin entry.
- Top-level dist/index.mjs exports runtime helpers; CLI execution occurs only through createCli(...).run().
- Network use is package-aligned: Bailian/DashScope API helpers, npm latest-version check, and explicit downloadFile URLs.
- Credential handling is expected for a Bailian CLI: DASHSCOPE_API_KEY prompt/config, token masking, and bailian-cli-core request helpers.
- No child_process, native binary loading, persistence, destructive project traversal, or AI-agent control-surface writes found.
Behavioral surface
- ChildProcess
- EnvironmentVars
- Network
- HighEntropyStrings
- Minified
- Obfuscated
- UrlStrings
Source & flagged code
1 flagged · dist/index.mjs
matchType = previous_version_dangerous_delta
matchedPackage = bailian-cli-runtime@1.5.0
matchedIdentity = npm:YmFpbGlhbi1jbGktcnVudGltZQ:1.5.0
similarity = 0.667
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/index.mjs
Findings
1 Critical · 2 Medium · 4 Low
- Critical: Previous Version Dangerous Delta (dist/index.mjs)
- Medium: Network
- Medium: Environment Vars
- Low: Scripts Present
- Low: Obfuscated
- Low: High Entropy Strings
- Low: Url Strings