registry  /  botmux  /  2.98.2

botmux@2.98.2

⚠ Under review

Bridge between IM platforms and AI coding CLIs — one topic, one CLI session with live streaming

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis flagged 18 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNativeBindingsNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 460 file(s), 7.09 MB of source, external domains: 10.0.0.5, 127.0.0.1, accounts.feishu.cn, accounts.larksuite.com, api.github.com, api.openai.com, api.z.ai, applink.feishu.cn, ask.feishu.cn, cdn.jsdelivr.net, emscripten.org, github.com, herdr.dev, mira.bytedance.com, open.bigmodel.cn, open.feishu.cn, open.larksuite.com, raw.githubusercontent.com, registry.npmjs.org, sami.bytedance.com, tosv.byted.org, www.apple.com

Source & flagged code

9 flagged · loading source
dist/core/maintenance.jsView file
17*/ L18: import { execSync, spawn } from 'node:child_process'; L19: import { closeSync, existsSync, mkdirSync, openSync, readFileSync, renameSync, writeFileSync, writeSync } from 'node:fs';
High
Child Process

Package source references child process execution.

dist/core/maintenance.jsView on unpkg · L17
8* anywhere defers the run to the next day (no retry); L9: * - auto-update (npm-global only): `npm install -g botmux@latest`, then restart L10: * to apply iff the version actually changed; ... L17: */ L18: import { execSync, spawn } from 'node:child_process'; L19: import { closeSync, existsSync, mkdirSync, openSync, readFileSync, renameSync, writeFileSync, writeSync } from 'node:fs';
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/core/maintenance.jsView on unpkg · L8
dist/setup/ensure-tmux.jsView file
265if (platform.os === 'darwin' && !platform.packageManagers.includes('brew')) { L266: reasonLines.push('macOS 推荐先安装 Homebrew:/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.[redacted].sh)"'); L267: }
High
Shell

Package source references shell execution.

dist/setup/ensure-tmux.jsView on unpkg · L265
dist/worker.jsView file
9* 3. Spawns CLI via CliAdapter + PtyBackend (interactive mode) L10: * 4. Starts HTTP + WebSocket server for xterm.js L11: * 5. Receives 'message' events from daemon, writes to PTY stdin ... L117: let crashDiagnosticStopped = false; L118: /** Exit code/signal of the just-exited CLI, stashed so a deferred park L119: * (park_diagnostic IPC) can stamp the captured log even though the park no ... L163: return zellijAttachCfgPath; L164: const p = join(process.env.SESSION_DATA_DIR ?? '/tmp', '.zellij-web-attach.kdl'); L165: // 原子写:同一 data dir 下多个 worker 进程会写同一路径(内容相同), ... L324: // 200ms beat. L325: be.write(content); L326: await new Promise(r => setTimeout(r, 200));
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/worker.jsView on unpkg · L9
dist/autostart.jsView file
16*/ L17: import { spawnSync } from 'node:child_process'; L18: import { existsSync, mkdirSync, writeFileSync, unlinkSync, readFileSync } from 'node:fs'; ... L24: function platform() { L25: if (process.platform === 'darwin') L26: return 'macos'; ... L36: function plistPath() { L37: return join(homedir(), 'Library', 'LaunchAgents', `${LABEL}.plist`); L38: } ... L56: // tmux, etc.). Falls back to a sane default if PATH is empty. L57: const p = process.env.PATH || ''; L58: if (p)
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

dist/autostart.jsView on unpkg · L16
dist/mira-runner.jsView file
1#!/usr/bin/env node L2: import { execFileSync } from 'node:child_process'; L3: import { existsSync } from 'node:fs'; ... L7: import { extractMiraHistoryFinalText, sanitizeMiraFinalText } from './mira-output.js'; L8: const MIRA_DOMAIN = 'https://mira.bytedance.com'; L9: const API_BASE_URL = process.env.MIRA_API_BASE_URL ?? `${MIRA_DOMAIN}/mira/api/v1`; L10: const MODEL_METADATA_URL = process.env.MIRA_MODEL_METADATA_URL ?? `${MIRA_DOMAIN}/api/v1/model/metadata`;
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/mira-runner.jsView on unpkg · L1
dist/cli.jsView file
20*/ L21: import { execSync, execFileSync, spawnSync, spawn } from 'node:child_process'; L22: import { existsSync, mkdirSync, copyFileSync, readFileSync, writeFileSync, renameSync, readdirSync, readlinkSync, appendFileSync, statSync, unlinkSync } from 'node:fs'; ... L65: } L66: // CLI subcommands (send/thread/bots/list/etc) print JSON to stdout for L67: // callers to parse. Transitive logger.info calls from shared modules would ... L71: const __filename = fileURLToPath(import.meta.url); L72: const __dirname = dirname(__filename); L73: const require = createRequire(import.meta.url); ... L102: function pm2Bin() { L103: if (process.platform === 'win32') { L104: const cmd = join(PKG_ROOT, 'node_modules', '.bin', 'pm2.cmd');
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/cli.jsView on unpkg · L20
20Trigger-reachable chain: manifest.bin -> dist/cli.js L20: */ L21: import { execSync, execFileSync, spawnSync, spawn } from 'node:child_process'; L22: import { existsSync, mkdirSync, copyFileSync, readFileSync, writeFileSync, renameSync, readdirSync, readlinkSync, appendFileSync, statSync, unlinkSync } from 'node:fs'; ... L65: } L66: // CLI subcommands (send/thread/bots/list/etc) print JSON to stdout for L67: // callers to parse. Transitive logger.info calls from shared modules would ... L71: const __filename = fileURLToPath(import.meta.url); L72: const __dirname = dirname(__filename); L73: const require = createRequire(import.meta.url); ... L102: function pm2Bin() { L103: if (process.platform === 'win32') { L104: const cmd = join(PKG_ROOT, 'node_modules', '.bin', 'pm2.cmd');
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/cli.jsView on unpkg · L20
dist/core/worker-pool.jsView file
4Cross-file remote execution chain: dist/core/worker-pool.js spawns dist/worker.js; helper contains network access plus dynamic code execution. L4: */ L5: import { fork, execSync } from 'node:child_process'; L6: import { join, dirname } from 'node:path'; ... L20: import { updateMessage, deleteMessage, sendEphemeralCard, sendUserMessage, addReaction, removeReaction, MessageWithdrawnError } from '../im/lark/client.js'; L21: import { buildStreamingCard, buildPrivateSnapshotCard, buildSessionCard, buildTuiPromptCard, buildTuiPromptResolvedCard, buildRelayedFrozenCard, getCliDisplayName } from '../im/lar... L22: import { loadFrozenCards, saveFrozenCards } from '../services/frozen-card-store.js'; ... L49: const __filename = fileURLToPath(import.meta.url); L50: const __dirname = dirname(__filename); L51: const WORKER_SIGTERM_BACKSTOP_MS = 2_000; ... L212: if (existsSync(crossRefPath)) { L213: const parsed = JSON.parse(readFileSync(crossRefPath, 'utf-8')); L214: if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/core/worker-pool.jsView on unpkg · L4

Findings

2 Critical5 High4 Medium7 Low
CriticalCredential Exfiltrationdist/cli.js
CriticalTrigger Reachable Dangerous Capabilitydist/cli.js
HighChild Processdist/core/maintenance.js
HighShelldist/setup/ensure-tmux.js
HighSame File Env Network Executiondist/mira-runner.js
HighCross File Remote Execution Contextdist/core/worker-pool.js
HighRuntime Package Installdist/core/maintenance.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencedist/autostart.js
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/worker.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings