AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface found. The package is a Koishi plugin that polls Weibo content, performs QR login via Puppeteer, stores Weibo cookies locally, and sends configured notifications.
Static reason
One or more suspicious static signals were detected.
Trigger
Koishi runtime enabling the plugin, configured polling/cron, or user invoking login/topic commands
Impact
Expected Weibo account cookies are stored in the Koishi database and used to fetch Weibo content for configured groups.
Mechanism
Weibo polling, QR login cookie management, media download/screenshot, and chat notification
Rationale
Static inspection shows package-aligned Weibo network activity and local cookie persistence required for its advertised Koishi notification features, with no install-time mutation, unrelated exfiltration, remote code execution, or destructive behavior. The builtin-named https dependency is suspicious hygiene but is not used by the inspected source and does not establish malicious behavior.
Evidence
package.jsonlib/index.jslib/services/login.jslib/services/cookie.jslib/services/weibo.jslib/services/message.jslib/services/weibo-super-topic.jslib/services/config.jsKoishi database table: weibo_cookiesOS temp directory: weibo-notify-*.jpg
Network endpoints10
passport.weibo.com/passport.weibo.com/visitor/genvisitor2passport.weibo.com/visitor/visitorweibo.com/www.weibo.com/ajax/statuses/mymblogm.weibo.cn/api/configweibo.com/ajax/profile/infoapi.weibo.com/2/users/show.jsonm.weibo.cn/statuses/extendapi.weibo.cn/2/statuses/container_timeline_topicpage
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
- package.json declares dependency "https" matching a Node builtin, but source does not require it.
- Runtime stores Weibo cookies in Koishi database table weibo_cookies.
- message.js writes downloaded video cover buffers to OS temp files for file:// media sending.
Evidence against
- package.json has only prepublishOnly build hook; no preinstall/install/postinstall execution.
- lib/index.js only registers Koishi plugin services, database model, timers, and routes.
- Network calls are Weibo-aligned: login, profile, timeline, media, and topic stats endpoints.
- No child_process, eval/vm/Function, native binary loading, or broad filesystem harvesting found.
- Credentials/cookies are used for Weibo requests and local Koishi database persistence, not exfiltrated to unrelated hosts.
Behavioral surface
FilesystemNetwork
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
1 flagged · loading sourcepackage.jsonView file
•Runtime dependency names matching Node built-ins: https
High
Node Builtin Dependency Squat
Package declares a runtime dependency whose name matches a Node built-in module.
package.jsonView on unpkgFindings
1 High1 Medium5 Low
HighNode Builtin Dependency Squatpackage.json
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings