registry  /  flowmind  /  1.4.8

flowmind@1.4.8

Memory and workflow automation for MCP, Codex, and Claude Code. Reuse repeatable developer operations through skills and explicit feedback.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky primitives are tied to explicit CLI/MCP features such as AI calls, local config/learning storage, git/project review, gist export, and manual self-update.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User invokes flowmind CLI/MCP commands such as init, process, publish --gist, project-review, or update.
Impact
Local FlowMind config/learning files may be created or updated; configured AI endpoints may receive user prompts; manual update can invoke npm.
Mechanism
User-invoked workflow automation and AI-provider integration
Rationale
Static inspection found no install-time execution, credential harvesting, persistence, destructive behavior, or hidden exfiltration. The scanner-highlighted npm install, child_process, dynamic require, env, and network usage are explainable by explicit developer-tool features and require user invocation/configuration.
Evidence
package.jsonbin/flowmind.jsbin/flowmind-codex.jscore/index.jscore/skill-loader.jscore/config-manager.jscore/ai/base-model.jscore/ai/providers/openai.jscore/ai/providers/ollama.jsmcp/server.jsskills/git-review/index.jsskills/project-review/index.js~/.flowmind/config.json~/.flowmind/ai-config.json~/.flowmind/honor.json.flowmind-codex/config.json
Network endpoints2
api.openai.com/v1localhost:11434

Decision evidence

public snapshot
AI called this Clean at 87.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install/preinstall/postinstall lifecycle hooks.
    • bin/flowmind.js child_process use is limited to user-invoked commands: gist publishing, editor launch, and update command.
    • bin/flowmind.js update runs npm install only when the user explicitly invokes flowmind update.
    • core/ai providers call configured AI/Ollama endpoints for declared agent features, not hidden exfiltration.
    • core/skill-loader.js dynamically requires bundled skill index.js files from the configured skills directory during normal plugin loading.
    • flowmind-codex writes only workspace .flowmind-codex config for its declared Codex wrapper behavior.
    Behavioral surface
    Source
    ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 76 file(s), 315 KB of source, external domains: aip.baidubce.com, api.anthropic.com, api.deepseek.com, api.mimo.ai, api.openai.com, cli.github.com, dashscope.aliyuncs.com, open.bigmodel.cn

    Source & flagged code

    6 flagged · loading source
    bin/flowmind.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = flowmind@1.5.3 matchedIdentity = npm:Zmxvd21pbmQ:1.5.3 similarity = 0.658 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    bin/flowmind.jsView on unpkg
    13const path = require('path'); L14: const { execSync } = require('child_process'); L15: const FlowMind = require('../core');
    High
    Child Process

    Package source references child process execution.

    bin/flowmind.jsView on unpkg · L13
    1389stdio: 'inherit', L1390: shell: true L1391: });
    High
    Shell

    Package source references shell execution.

    bin/flowmind.jsView on unpkg · L1389
    1628try { L1629: const globalRoot = execSync('npm root -g', { encoding: 'utf-8' }).trim(); L1630: const localPath = require.resolve('../package.json'); ... L1635: const installCmd = isGlobal L1636: ? `npm install -g flowmind@${latestVersion}` L1637: : `npm install flowmind@${latestVersion}`;
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    bin/flowmind.jsView on unpkg · L1628
    core/honor-engine.jsView file
    5L6: const fs = require('fs-extra'); L7: const path = require('path');
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    core/honor-engine.jsView on unpkg · L5
    demo/common.shView file
    path = demo/common.sh kind = build_helper sizeBytes = 579 magicHex = [redacted]
    Medium
    Ships Build Helper

    Package ships non-JavaScript build or shell helper files.

    demo/common.shView on unpkg

    Findings

    1 Critical3 High5 Medium4 Low
    CriticalPrevious Version Dangerous Deltabin/flowmind.js
    HighChild Processbin/flowmind.js
    HighShellbin/flowmind.js
    HighRuntime Package Installbin/flowmind.js
    MediumDynamic Requirecore/honor-engine.js
    MediumNetwork
    MediumEnvironment Vars
    MediumShips Build Helperdemo/common.sh
    MediumStructural Risk Force Deep Review
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings