registry  /  flowmind  /  1.5.14

flowmind@1.5.14

Memory and workflow automation for MCP, Codex, and Claude Code. Reuse repeatable developer operations through skills and explicit feedback.

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package can import local SDD-Agent resource and scene configuration into its own `~/.flowmind` state. This occurs only through an explicit command or an opt-in environment variable during FlowMind initialization; no install-time behavior was found.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
Run a FlowMind CLI/MCP command with `FLOWMIND_ENABLE_SDD_AGENT_AUTO_SYNC=1`, or invoke `flowmind resource --sync-sdd-agent`.
Impact
Copies local agent resource metadata and bindings into `~/.flowmind`; no confirmed foreign-agent control hijack or exfiltration.
Mechanism
guarded cross-agent configuration import into FlowMind-owned state
Rationale
No concrete malicious behavior was found, but the opt-in cross-agent configuration migration is a real agent-extension lifecycle capability. It should be warned on rather than blocked because it is guarded and writes only package-owned state.
Evidence
package.jsoncore/index.jscore/sdd-agent-sync.jsbin/flowmind.jsbin/flowmind-codex.jscore/config-manager.jscore/skill-loader.jscore/update-notifier.jsmcp/server.jscore/ai/base-model.jscore/ai/providers/openai.js

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `core/index.js` invokes guarded SDD-Agent auto-sync during FlowMind initialization.
  • `core/sdd-agent-sync.js` reads `~/.sdd-agent` and writes imported configuration under `~/.flowmind`.
  • `bin/flowmind.js` exposes explicit `resource --sync-sdd-agent` import.
  • `bin/flowmind.js` runs `npm install` only through the explicit `flowmind update` command.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • Auto-sync is disabled unless `FLOWMIND_ENABLE_SDD_AGENT_AUTO_SYNC=1` or forced.
  • Sync writes FlowMind-owned paths, not Codex/Claude configuration paths.
  • AI provider HTTP requests use configured provider endpoints and API keys; no unrelated exfiltration endpoint found.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 104 file(s), 796 KB of source, external domains: 127.0.0.1, aip.baidubce.com, api.anthropic.com, api.deepseek.com, api.mimo.ai, api.openai.com, cli.github.com, dashscope.aliyuncs.com, open.bigmodel.cn, yapi.example.com

Source & flagged code

5 flagged · loading source
core/release-check.jsView file
2const path = require('path'); L3: const { execFile } = require('child_process'); L4: const { promisify } = require('util');
High
Child Process

Package source references child process execution.

core/release-check.jsView on unpkg · L2
bin/flowmind.jsView file
matchType = previous_version_dangerous_delta matchedPackage = flowmind@1.5.11 matchedIdentity = npm:Zmxvd21pbmQ:1.5.11 similarity = 0.640 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

bin/flowmind.jsView on unpkg
3456stdio: 'inherit', L3457: shell: true L3458: });
High
Shell

Package source references shell execution.

bin/flowmind.jsView on unpkg · L3456
3675try { L3676: const globalRoot = execSync('npm root -g', { encoding: 'utf-8' }).trim(); L3677: const localPath = require.resolve('../package.json'); ... L3682: const installCmd = isGlobal L3683: ? `npm install -g flowmind@${latestVersion}` L3684: : `npm install flowmind@${latestVersion}`;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/flowmind.jsView on unpkg · L3675
core/honor-engine.jsView file
5L6: const fs = require('fs-extra'); L7: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

core/honor-engine.jsView on unpkg · L5

Findings

1 Critical3 High4 Medium4 Low
CriticalPrevious Version Dangerous Deltabin/flowmind.js
HighChild Processcore/release-check.js
HighShellbin/flowmind.js
HighRuntime Package Installbin/flowmind.js
MediumDynamic Requirecore/honor-engine.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings