registry  /  flowmind  /  1.5.8

flowmind@1.5.8

Memory and workflow automation for MCP, Codex, and Claude Code. Reuse repeatable developer operations through skills and explicit feedback.

AI Security Review

scanned 10d ago · by lpm-firewall-ai

No confirmed malicious attack surface was found. Risky primitives are tied to explicit CLI workflows, local configuration, update checks, configured AI providers, or MCP adapter use.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs FlowMind CLI/MCP commands such as init, process, update, or configured skills.
Impact
Local config/learning files may be created or updated; network calls go to npm, configured AI providers, or configured MCP endpoints.
Mechanism
User-invoked workflow automation and local state management
Rationale
Static inspection found risky capabilities, but they are user-invoked and aligned with a CLI/MCP workflow automation package. No lifecycle execution, covert exfiltration, persistence, destructive behavior, or unconsented AI-agent control-surface mutation was confirmed.
Evidence
package.jsonbin/flowmind.jsbin/flowmind-codex.jscore/index.jscore/update-notifier.jscore/config-manager.jscore/sdd-agent-sync.jscore/mcp-http-client.jsmcp/server.jscore/ai/providers/openai.jscore/ai/providers/ernie.js~/.flowmind/config.json~/.flowmind/ai-config.json~/.flowmind/learning/~/.flowmind/resource-config.json~/.flowmind/component-config.json~/.flowmind/sdd-agent-sync-state.json.flowmind-codex/config.json
Network endpoints8
api.openai.com/v1api.anthropic.comapi.deepseek.com/v1dashscope.aliyuncs.com/compatible-mode/v1open.bigmodel.cn/api/paas/v4api.mimo.ai/v1aip.baidubce.com/oauth/2.0/tokenlocalhost:11434

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • bin/flowmind.js has an explicit user-run update command that shells out to npm install.
  • core/index.js auto-syncs local ~/.sdd-agent data into ~/.flowmind on FlowMind initialization.
Evidence against
  • package.json has no install/preinstall/postinstall lifecycle scripts.
  • bin/flowmind.js npm install path is gated behind explicit `flowmind update`, not install/import time.
  • Network use is package-aligned: npm version checks, configured MCP HTTP calls, and user-configured AI provider APIs.
  • core/config-manager.js dynamic require only loads local flowmind.config.js when the user runs FlowMind in that project.
  • No credential harvesting or exfiltration to attacker-controlled endpoints found in inspected source.
  • MCP/bin entrypoints expose workflow automation features consistent with package description.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 87 file(s), 476 KB of source, external domains: aip.baidubce.com, api.anthropic.com, api.deepseek.com, api.mimo.ai, api.openai.com, cli.github.com, dashscope.aliyuncs.com, open.bigmodel.cn, yapi.example.com

Source & flagged code

6 flagged · loading source
core/update-notifier.jsView file
1const { execFile, execSync } = require('child_process'); L2: const { promisify } = require('util');
High
Child Process

Package source references child process execution.

core/update-notifier.jsView on unpkg · L1
bin/flowmind.jsView file
matchType = previous_version_dangerous_delta matchedPackage = flowmind@1.5.3 matchedIdentity = npm:Zmxvd21pbmQ:1.5.3 similarity = 0.695 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

bin/flowmind.jsView on unpkg
1591stdio: 'inherit', L1592: shell: true L1593: });
High
Shell

Package source references shell execution.

bin/flowmind.jsView on unpkg · L1591
1761try { L1762: const globalRoot = execSync('npm root -g', { encoding: 'utf-8' }).trim(); L1763: const localPath = require.resolve('../package.json'); ... L1768: const installCmd = isGlobal L1769: ? `npm install -g flowmind@${latestVersion}` L1770: : `npm install flowmind@${latestVersion}`;
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

bin/flowmind.jsView on unpkg · L1761
core/honor-engine.jsView file
5L6: const fs = require('fs-extra'); L7: const path = require('path');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

core/honor-engine.jsView on unpkg · L5
demo/common.shView file
path = demo/common.sh kind = build_helper sizeBytes = 579 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

demo/common.shView on unpkg

Findings

1 Critical3 High5 Medium4 Low
CriticalPrevious Version Dangerous Deltabin/flowmind.js
HighChild Processcore/update-notifier.js
HighShellbin/flowmind.js
HighRuntime Package Installbin/flowmind.js
MediumDynamic Requirecore/honor-engine.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperdemo/common.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings