registry  /  koishi-plugin-weibo-notify  /  1.0.32

koishi-plugin-weibo-notify@1.0.32

微博帖子更新推送插件,用于获取指定微博用户的最新帖子推送到指定群聊

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. At runtime, the plugin polls Weibo, performs optional QR-cookie login/refresh, and sends configured post updates through Koishi.

Static reason
One or more suspicious static signals were detected.
Trigger
User enables the Koishi plugin and configures subscriptions or QR login.
Impact
Uses user-authorized Weibo cookies to retrieve monitored content; temporary media files may be created for delivery.
Mechanism
Weibo API/browser polling with Koishi database cookie storage and message delivery.
Rationale
Source implements the advertised Koishi Weibo-monitoring and QR-login workflow. Network and cookie handling are package-aligned, and inspection found no install-time execution or concrete exfiltration/persistence chain.
Evidence
package.jsonlib/index.jslib/services/login.jslib/services/cookie.jslib/services/message.jslib/services/weibo.jslib/services/weibo-super-topic.jsreadme.md
Network endpoints6
weibo.com/www.weibo.com/ajax/statuses/mymblogm.weibo.cn/api.weibo.com/2/users/show.jsonapi.weibo.cnpassport.weibo.com/

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Runtime requests include Weibo authentication cookies.
  • Media buffers are written to OS temp paths.
  • Plugin exposes local Koishi login/status routes.
Evidence against
  • `package.json` has only `prepublishOnly`, not install hooks.
  • No child-process, shell, eval, VM, dynamic loading, or env harvesting found.
  • Network endpoints are Weibo/passport hosts aligned with post monitoring and QR login.
  • Cookie persistence is limited to the declared `weibo_cookies` Koishi database model.
  • No foreign AI-agent configuration, broad persistence, or destructive file behavior found.
Behavioral surface
Source
FilesystemNetwork
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 10 file(s), 97.4 KB of source, external domains: api.weibo.cn, api.weibo.com, m.weibo.cn, passport.weibo.com, weibo.com, www.weibo.com

Source & flagged code

1 flagged · loading source
package.jsonView file
Runtime dependency names matching Node built-ins: https
High
Node Builtin Dependency Squat

Package declares a runtime dependency whose name matches a Node built-in module.

package.jsonView on unpkg

Findings

1 High1 Medium5 Low
HighNode Builtin Dependency Squatpackage.json
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings