registry  /  chainlesschain  /  0.162.157

chainlesschain@0.162.157

Superseded by 0.162.162 (npm latest). Please upgrade: npm i -g chainlesschain@latest

CLI for ChainlessChain - install, configure, and manage your personal AI management system

AI Security Review

scanned 2d ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. Install-time setup generates agent-callable skill-pack files under the package's own desktop application data directory. The generated handlers can later invoke the ChainlessChain CLI.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
npm install executes postinstall automatically.
Impact
Adds package-owned agent extension artifacts that may expose the CLI's capabilities when consumed by a compatible host.
Mechanism
First-party agent skill-pack generation and CLI handler installation.
Rationale
The package has a real install-time first-party agent-extension lifecycle risk, warranting a warning. Source inspection found no concrete malicious behavior sufficient for a publish block.
Evidence
package.jsonscripts/postinstall.mjssrc/lib/skill-packs/generator.jssrc/lib/skill-packs/schema.jssrc/lib/paths.jssrc/lib/chrome-connector.jssrc/commands/update.jssrc/auth/npm-auth.js

Decision evidence

public snapshot
AI called this Suspicious at 90.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `package.json` runs `scripts/postinstall.mjs` on install.
  • `scripts/postinstall.mjs` imports and invokes `generateCliPacks()` automatically.
  • `src/lib/skill-packs/generator.js` writes generated `SKILL.md` and `handler.js` files.
  • Generated direct/hybrid handlers invoke the package CLI through `spawnSync` with `shell: true`.
  • Generated packs target the package-owned desktop user-data `skills` directory.
Evidence against
  • Postinstall performs no network request, credential read, shell command, or foreign-agent configuration write.
  • `src/lib/paths.js` scopes generated packs under `chainlesschain-desktop-vue`, not Codex/Claude/Cursor paths.
  • The Chrome connector uses loopback-only CDP and is runtime functionality, not install-time execution.
  • `src/commands/update.js` self-installs only after the explicit `update` command and confirmation.
  • No inspected source establishes exfiltration, remote payload loading, destructive behavior, or stealth persistence.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 843 file(s), 15.2 MB of source, external domains: 127.0.0.1, accounts.google.com, api-push.vivo.com.cn, api.anthropic.com, api.bochaai.com, api.deepseek.com, api.example.com, api.exchangerate-api.com, api.github.com, api.minimax.chat, api.mistral.ai, api.moonshot.cn, api.openai.com, api.push.apple.com, api.push.oppomobile.com, api.sandbox.push.apple.com, api.search.brave.com, api.tavily.com, api.telegram.org, api.xmpush.xiaomi.com, ark.cn-beijing.volces.com, cdn.jsdelivr.net, cdnjs.cloudflare.com, cli.github.com, cli.vuejs.org, dashscope.aliyuncs.com, dav.jianguoyun.com, developer.mozilla.org, devtools.vuejs.org, docs.chainlesschain.com, evomap.chainlesschain.com, example.com, fcm.googleapis.com, generativelanguage.googleapis.com, github.com, graph.microsoft.com, html.duckduckgo.com, link.vuejs.org, local.chainlesschain, login.microsoftonline.com, mathiasbynens.be, matrix.org, modelcontextprotocol.io, nas.example, node.example.com, oauth-login.cloud.huawei.com, oauth2.googleapis.com, openidconnect.googleapis.com, oss-cn-hangzhou.aliyuncs.com, pinia.vuejs.org

Source & flagged code

12 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
src/auth/npm-auth.jsView file
6L7: import { execSync } from "child_process"; L8: import { logger } from "../lib/logger.js";
High
Child Process

Package source references child process execution.

src/auth/npm-auth.jsView on unpkg · L6
src/runtime/agent-core.jsView file
1263// Sensitive-file write guard (Claude-Code 2.1.160 parity): shell startup L1264: // files / PowerShell profiles / git+husky hooks execute code on the user's L1265: // next shell or commit — even otherwise-permitted edit flows confirm first.
High
Shell

Package source references shell execution.

src/runtime/agent-core.jsView on unpkg · L1263
src/lib/plugin-ecosystem.jsView file
86severity: REVIEW_SEVERITY.BLOCKER, L87: message: "Use of eval() — code injection risk", L88: penalty: 40,
Low
Eval

Package source references a known benign dynamic code generation pattern.

src/lib/plugin-ecosystem.jsView on unpkg · L86
scripts/postinstall.mjsView file
6try { L7: const { generateCliPacks } = await import( L8: "../src/lib/skill-packs/generator.js"
Medium
Dynamic Require

Package source references dynamic require/import behavior.

scripts/postinstall.mjsView on unpkg · L6
src/harness/prompt-compressor.jsView file
680archivedAt: null, L681: metadata: { ...(metadata || {}) }, L682: };
Low
Weak Crypto

Package source references weak cryptographic algorithms.

src/harness/prompt-compressor.jsView on unpkg · L680
src/lib/chrome-connector.jsView file
matchType = previous_version_dangerous_delta matchedPackage = chainlesschain@0.162.154 matchedIdentity = npm:Y2hhaW5sZXNzY2hhaW4:0.162.154 similarity = 0.850 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

src/lib/chrome-connector.jsView on unpkg
28*/ L29: import { spawn } from "child_process"; L30: import fs from "fs"; ... L32: import path from "path"; L33: import http from "http"; L34: ... L42: platform: () => process.platform, L43: env: () => process.env, L44: httpGet,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

src/lib/chrome-connector.jsView on unpkg · L28
src/lib/mcp-oauth.jsView file
30export const _deps = { L31: fetch: (...a) => globalThis.fetch(...a), L32: fs: fsDefault, ... L37: openBrowser: defaultOpenBrowser, L38: spawn: (...a) => spawn(...a), L39: now: () => Date.now(), ... L43: warn: (msg) => { L44: if (!process.env.VITEST) process.stderr.write(msg); L45: },
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

src/lib/mcp-oauth.jsView on unpkg · L30
src/commands/init.jsView file
58L59: 通过本地 ComfyUI 服务(默认 http://localhost:8188)生成 AI 图像。 L60: ... L99: L100: const COMFYUI_URL = process.env.COMFYUI_URL || "http://localhost:8188"; L101: const POLL_INTERVAL_MS = 2000; ... L118: res.on("end", () => { L119: const data = Buffer.concat(dataChunks).toString("utf8"); L120: try { L121: resolve({ status: res.statusCode, body: JSON.parse(data) }); L122: } catch { ... L235: ? workflow
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/commands/init.jsView on unpkg · L58
src/commands/update.jsView file
2import semver from "semver"; L3: import { execSync } from "node:child_process"; L4: import { checkForUpdates } from "../lib/version-checker.js"; ... L10: /** L11: * A version that is safe to interpolate into `npm install -g chainlesschain@<v>`. L12: * The version reaching selfUpdateCli already comes from version-checker (gated by
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

src/commands/update.jsView on unpkg · L2

Findings

1 Critical7 High5 Medium9 Low
CriticalPrevious Version Dangerous Deltasrc/lib/chrome-connector.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processsrc/auth/npm-auth.js
HighShellsrc/runtime/agent-core.js
HighSame File Env Network Executionsrc/lib/chrome-connector.js
HighCommand Output Exfiltrationsrc/lib/mcp-oauth.js
HighSandbox Evasion Gated Capabilitysrc/commands/init.js
HighRuntime Package Installsrc/commands/update.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirescripts/postinstall.mjs
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvalsrc/lib/plugin-ecosystem.js
LowWeak Cryptosrc/harness/prompt-compressor.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings