registry  /  koishi-plugin-aka-ai-image-generator  /  0.8.10

koishi-plugin-aka-ai-image-generator@0.8.10

AI image generator for Koishi (V2: semantic supplier UI, image protocols, credit billing).

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Runtime image-generation requests send prompts and optional reference images to configured OpenAI/Gemini-compatible providers. No confirmed malicious attack surface or install-time execution exists.

Static reason
One or more suspicious static signals were detected.
Trigger
Koishi plugin activation followed by an image-generation command or enabled optional bridge.
Impact
User-supplied prompts, image URLs, and configured provider credentials are used only for the advertised image-generation workflow.
Mechanism
configured AI image-provider API requests and local billing persistence
Rationale
Source implements a Koishi AI image-generation plugin with explicit provider calls and scoped local accounting storage. Scanner hits are package-aligned: dynamic import is a compatibility fallback for fixed optional integrations and secret patterns are redaction/config fields.
Evidence
package.jsondist/index.mjsREADME.mddata/aka-ai-image-generator/users.v2.jsondata/aka-ai-image-generator/users.v2.json.backupdata/aka-ai-image-generator/credit-ledger.v2.jsonldata/aka-ai-image-generator/recharge-records.v2.jsonl
Network endpoints3
api.openai.com/v1generativelanguage.googleapis.comyunwu.ai/v1

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no install lifecycle hooks or bin entry.
    • dist/index.mjs only dynamically loads two fixed optional ChatLuna/LangChain module specifiers.
    • Network calls implement configured image-generation providers and use supplied API credentials.
    • Filesystem writes are confined to Koishi data/aka-ai-image-generator billing and user-state files.
    • Credential-like patterns redact keys and authorization values in diagnostics.
    • No child-process, shell, environment harvesting, foreign config writes, or remote payload execution found.
    Behavioral surface
    Source
    DynamicRequireEvalFilesystem
    Supply chain
    HighEntropyStringsUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 2 file(s), 439 KB of source, external domains: api.openai.com, generativelanguage.googleapis.com, yunwu.ai

    Source & flagged code

    4 flagged · loading source
    dist/index.jsView file
    2415patternName = generic_password severity = medium line = 2415 matchedText = return s..."');
    Medium
    Secret Pattern

    Package contains a possible secret pattern.

    dist/index.jsView on unpkg · L2415
    38module.exports = __toCommonJS(index_exports); L39: var import_node_path = __toESM(require("path")); L40:
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    dist/index.jsView on unpkg · L38
    441} catch (requireError) { L442: const dynamicImport = new Function("s", "return import(s)"); L443: return dynamicImport(specifier).catch((importError) => {
    Low
    Eval

    Package source references a known benign dynamic code generation pattern.

    dist/index.jsView on unpkg · L441
    dist/index.mjsView file
    2378patternName = generic_password severity = medium line = 2378 matchedText = return s..."');
    Medium
    Secret Pattern

    Hardcoded password in dist/index.mjs

    dist/index.mjsView on unpkg · L2378

    Findings

    3 Medium5 Low
    MediumSecret Patterndist/index.js
    MediumDynamic Requiredist/index.js
    MediumSecret Patterndist/index.mjs
    LowScripts Present
    LowEvaldist/index.js
    LowFilesystem
    LowHigh Entropy Strings
    LowUrl Strings