registry  /  flowmind  /  1.5.3

flowmind@1.5.3

Memory and workflow automation for MCP, Codex, and Claude Code. Reuse repeatable developer operations through skills and explicit feedback.

AI Security Review

scanned 11d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The main risk is broad local config synchronization from SDD-Agent and Claude debug logs into FlowMind storage during normal initialization, but inspection found no exfiltration or lifecycle execution.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs flowmind, flowmind-codex, flowmind-mcp, or any path that initializes FlowMind
Impact
May copy local SDD-Agent resource metadata into ~/.flowmind; no remote theft or persistence confirmed
Mechanism
local config import and package-aligned runtime commands
Rationale
Static inspection found risky local synchronization and user-invoked shell/network features, but no install-time execution, unauthorized remote exfiltration, destructive behavior, persistence, or AI-agent control-surface mutation. The scanner's dangerous labels are explained by package-aligned CLI/update/MCP/AI functionality and local migration behavior.
Evidence
package.jsoncore/index.jscore/sdd-agent-sync.jsbin/flowmind.jsbin/flowmind-codex.jsmcp/server.jscore/mcp-http-client.jscore/ai/base-model.js~/.flowmind/config.json~/.flowmind/ai-config.json~/.flowmind/honor.json~/.flowmind/resource-config.json~/.flowmind/component-config.json~/.flowmind/learning/resource-bindings.json~/.flowmind/learning/scenes.json~/.flowmind/source/*
Network endpoints8
api.openai.com/v1api.anthropic.comapi.deepseek.com/v1open.bigmodel.cn/api/paas/v4api.mimo.ai/v1dashscope.aliyuncs.com/compatible-mode/v1aip.baidubce.com/rpc/2.0/ai_custom/v1/wenxinworkshoplocalhost:11434

Decision evidence

public snapshot
AI called this Clean at 78.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • core/index.js calls autoSyncSddAgentToFlowMind() during FlowMind init
  • core/sdd-agent-sync.js reads ~/.sdd-agent configs and ~/.claude/debug logs, then writes derived FlowMind config under ~/.flowmind
  • core/sdd-agent-sync.js may copy selected ~/.sdd-agent/source files into ~/.flowmind/source
  • bin/flowmind.js update command runs npm view/install, but only when user invokes flowmind update
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle hooks
  • No import-time execution beyond module definitions; writes occur on explicit CLI/MCP initialization paths
  • No credential or file exfiltration endpoint found; network calls are user-configured AI/MCP providers or explicit update check
  • bin/flowmind.js child_process use is limited to user-invoked gh gist, editor, TUI, and update workflows
  • AI provider endpoints in core/ai/providers are normal package-aligned API calls using user-supplied config/env keys
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 82 file(s), 422 KB of source, external domains: aip.baidubce.com, api.anthropic.com, api.deepseek.com, api.mimo.ai, api.openai.com, cli.github.com, dashscope.aliyuncs.com, open.bigmodel.cn, yapi.example.com

Source & flagged code

6 flagged · loading source
bin/flowmind.jsView file
13const path = require('path'); L14: const { execSync } = require('child_process'); L15: const FlowMind = require('../core');
High
Child Process

Package source references child process execution.

bin/flowmind.jsView on unpkg · L13
1512stdio: 'inherit', L1513: shell: true L1514: });
High
Shell

Package source references shell execution.

bin/flowmind.jsView on unpkg · L1512
1782try { L1783: const globalRoot = execSync('npm root -g', { encoding: 'utf-8' }).trim(); L1784: const localPath = require.resolve('../package.json'); ... L1789: const installCmd = isGlobal L1790: ? `npm install -g flowmind@${latestVersion}` L1791: : `npm install flowmind@${latestVersion}`;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/flowmind.jsView on unpkg · L1782
core/honor-engine.jsView file
5L6: const fs = require('fs-extra'); L7: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

core/honor-engine.jsView on unpkg · L5
demo/common.shView file
path = demo/common.sh kind = build_helper sizeBytes = 579 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

demo/common.shView on unpkg
core/sdd-agent-sync.jsView file
matchType = previous_version_dangerous_delta matchedPackage = flowmind@1.5.1 matchedIdentity = npm:Zmxvd21pbmQ:1.5.1 similarity = 0.848 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

core/sdd-agent-sync.jsView on unpkg

Findings

1 Critical3 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltacore/sdd-agent-sync.js
HighChild Processbin/flowmind.js
HighShellbin/flowmind.js
HighRuntime Package Installbin/flowmind.js
MediumDynamic Requirecore/honor-engine.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdemo/common.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings