AI Security Review
scanned 2h ago · by lpm-firewall-aiRuntime image-generation requests send prompts and optional reference images to configured OpenAI/Gemini-compatible providers. No confirmed malicious attack surface or install-time execution exists.
Static reason
One or more suspicious static signals were detected.
Trigger
Koishi plugin activation followed by an image-generation command or enabled optional bridge.
Impact
User-supplied prompts, image URLs, and configured provider credentials are used only for the advertised image-generation workflow.
Mechanism
configured AI image-provider API requests and local billing persistence
Rationale
Source implements a Koishi AI image-generation plugin with explicit provider calls and scoped local accounting storage. Scanner hits are package-aligned: dynamic import is a compatibility fallback for fixed optional integrations and secret patterns are redaction/config fields.
Evidence
package.jsondist/index.mjsREADME.mddata/aka-ai-image-generator/users.v2.jsondata/aka-ai-image-generator/users.v2.json.backupdata/aka-ai-image-generator/credit-ledger.v2.jsonldata/aka-ai-image-generator/recharge-records.v2.jsonl
Network endpoints3
api.openai.com/v1generativelanguage.googleapis.comyunwu.ai/v1
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install lifecycle hooks or bin entry.
- dist/index.mjs only dynamically loads two fixed optional ChatLuna/LangChain module specifiers.
- Network calls implement configured image-generation providers and use supplied API credentials.
- Filesystem writes are confined to Koishi data/aka-ai-image-generator billing and user-state files.
- Credential-like patterns redact keys and authorization values in diagnostics.
- No child-process, shell, environment harvesting, foreign config writes, or remote payload execution found.
Behavioral surface
DynamicRequireEvalFilesystem
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/index.jsView file
2415patternName = generic_password
severity = medium
line = 2415
matchedText = return s..."');
Medium
38module.exports = __toCommonJS(index_exports);
L39: var import_node_path = __toESM(require("path"));
L40:
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/index.jsView on unpkg · L38441} catch (requireError) {
L442: const dynamicImport = new Function("s", "return import(s)");
L443: return dynamicImport(specifier).catch((importError) => {
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/index.jsView on unpkg · L441dist/index.mjsView file
2378patternName = generic_password
severity = medium
line = 2378
matchedText = return s..."');
Medium
Findings
3 Medium5 Low
MediumSecret Patterndist/index.js
MediumDynamic Requiredist/index.js
MediumSecret Patterndist/index.mjs
LowScripts Present
LowEvaldist/index.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings