registry  /  botmux  /  2.105.0

botmux@2.105.0

⚠ Under review

Bridge between IM platforms and AI coding CLIs — one topic, one CLI session with live streaming

Static Scan Results

scanned 2h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 536 file(s), 8.01 MB of source, external domains: 10.0.0.5, 127.0.0.1, accounts.feishu.cn, accounts.larksuite.com, api.github.com, api.openai.com, api.z.ai, applink.feishu.cn, ask.feishu.cn, cdn.jsdelivr.net, emscripten.org, github.com, herdr.dev, mira.bytedance.com, open.bigmodel.cn, open.feishu.cn, open.larksuite.com, raw.githubusercontent.com, reactjs.org, registry.npmjs.org, sami.bytedance.com, tosv.byted.org, www.apple.com, www.w3.org

Source & flagged code

9 flagged · loading source
dist/core/maintenance.jsView file
17*/ L18: import { execSync, spawn } from 'node:child_process'; L19: import { closeSync, existsSync, mkdirSync, openSync, readFileSync, renameSync, writeFileSync, writeSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/core/maintenance.jsView on unpkg · L17
8* anywhere defers the run to the next day (no retry); L9: * - auto-update (npm-global only): `npm install -g botmux@latest`, then restart L10: * to apply iff the version actually changed; ... L17: */ L18: import { execSync, spawn } from 'node:child_process'; L19: import { closeSync, existsSync, mkdirSync, openSync, readFileSync, renameSync, writeFileSync, writeSync } from 'node:fs';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/core/maintenance.jsView on unpkg · L8
dist/setup/ensure-tmux.jsView file
265if (platform.os === 'darwin' && !platform.packageManagers.includes('brew')) { L266: reasonLines.push('macOS 推荐先安装 Homebrew:/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.[redacted].sh)"'); L267: }
High
Shell

Package source references shell execution.

dist/setup/ensure-tmux.jsView on unpkg · L265
dist/worker.jsView file
9* 3. Spawns CLI via CliAdapter + PtyBackend (interactive mode) L10: * 4. Starts HTTP + WebSocket server for xterm.js L11: * 5. Receives 'message' events from daemon, writes to PTY stdin ... L19: import { homedir } from 'node:os'; L20: import { spawnSync } from 'node:child_process'; L21: import { evaluateReadIsolationGate, buildSeatbeltProfile, isolatedPaneReattachSafe, sendCredFilePath, botHomePath, buildV2DenyPaths, buildV2DenyRegexes, buildV2CarveOuts, } from '.... ... L146: // elsewhere rotates the refresh token, which would strand a stale per-bot copy). L147: const authSrc = join(homedir(), '.codex', 'auth.json'); L148: if (existsSync(authSrc)) ... L168: try { L169: return Number(JSON.parse(raw)?.claudeAiOauth?.expiresAt) || 0; L170: }
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/worker.jsView on unpkg · L9
dist/autostart.jsView file
16*/ L17: import { spawnSync } from 'node:child_process'; L18: import { existsSync, mkdirSync, writeFileSync, unlinkSync, readFileSync } from 'node:fs'; ... L24: function platform() { L25: if (process.platform === 'darwin') L26: return 'macos'; ... L36: function plistPath() { L37: return join(homedir(), 'Library', 'LaunchAgents', `${LABEL}.plist`); L38: } ... L56: // tmux, etc.). Falls back to a sane default if PATH is empty. L57: const p = process.env.PATH || ''; L58: if (p)
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/autostart.jsView on unpkg · L16
dist/mira-runner.jsView file
1#!/usr/bin/env node L2: import { execFileSync } from 'node:child_process'; L3: import { existsSync } from 'node:fs'; ... L7: import { extractMiraHistoryFinalText, sanitizeMiraFinalText } from './mira-output.js'; L8: const MIRA_DOMAIN = 'https://mira.bytedance.com'; L9: const API_BASE_URL = process.env.MIRA_API_BASE_URL ?? `${MIRA_DOMAIN}/mira/api/v1`; L10: const MODEL_METADATA_URL = process.env.MIRA_MODEL_METADATA_URL ?? `${MIRA_DOMAIN}/api/v1/model/metadata`;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/mira-runner.jsView on unpkg · L1
dist/cli.jsView file
21*/ L22: import { execSync, execFileSync, spawnSync, spawn } from 'node:child_process'; L23: import { existsSync, mkdirSync, copyFileSync, readFileSync, writeFileSync, renameSync, readdirSync, readlinkSync, appendFileSync, statSync, unlinkSync } from 'node:fs'; ... L69: } L70: // CLI subcommands (send/thread/bots/list/etc) print JSON to stdout for L71: // callers to parse. Transitive logger.info calls from shared modules would ... L75: const __filename = fileURLToPath(import.meta.url); L76: const __dirname = dirname(__filename); L77: const require = createRequire(import.meta.url); ... L106: function pm2Bin() { L107: if (process.platform === 'win32') { L108: const cmd = join(PKG_ROOT, 'node_modules', '.bin', 'pm2.cmd');
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli.jsView on unpkg · L21
21Trigger-reachable chain: manifest.bin -> dist/cli.js L21: */ L22: import { execSync, execFileSync, spawnSync, spawn } from 'node:child_process'; L23: import { existsSync, mkdirSync, copyFileSync, readFileSync, writeFileSync, renameSync, readdirSync, readlinkSync, appendFileSync, statSync, unlinkSync } from 'node:fs'; ... L69: } L70: // CLI subcommands (send/thread/bots/list/etc) print JSON to stdout for L71: // callers to parse. Transitive logger.info calls from shared modules would ... L75: const __filename = fileURLToPath(import.meta.url); L76: const __dirname = dirname(__filename); L77: const require = createRequire(import.meta.url); ... L106: function pm2Bin() { L107: if (process.platform === 'win32') { L108: const cmd = join(PKG_ROOT, 'node_modules', '.bin', 'pm2.cmd');
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.jsView on unpkg · L21
dist/core/worker-pool.jsView file
4Cross-file remote execution chain: dist/core/worker-pool.js spawns dist/worker.js; helper contains network access plus dynamic code execution. L4: */ L5: import { fork, execSync } from 'node:child_process'; L6: import { join, dirname } from 'node:path'; ... L21: import { updateMessage, deleteMessage, sendEphemeralCard, sendUserMessage, addReaction, removeReaction, MessageWithdrawnError } from '../im/lark/client.js'; L22: import { buildStreamingCard, buildPrivateSnapshotCard, buildSessionCard, buildTuiPromptCard, buildTuiPromptResolvedCard, buildRelayedFrozenCard, getCliDisplayName } from '../im/lar... L23: import { loadFrozenCards, saveFrozenCards } from '../services/frozen-card-store.js'; ... L54: const __filename = fileURLToPath(import.meta.url); L55: const __dirname = dirname(__filename); L56: const WORKER_SIGTERM_BACKSTOP_MS = 2_000; ... L225: if (existsSync(crossRefPath)) { L226: const parsed = JSON.parse(readFileSync(crossRefPath, 'utf-8')); L227: if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/core/worker-pool.jsView on unpkg · L4

Findings

2 Critical5 High4 Medium7 Low
CriticalCredential Exfiltrationdist/cli.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
HighChild Processdist/core/maintenance.js
HighShelldist/setup/ensure-tmux.js
HighSame File Env Network Executiondist/mira-runner.js
HighCross File Remote Execution Contextdist/core/worker-pool.js
HighRuntime Package Installdist/core/maintenance.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/autostart.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/worker.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings