
modelgo-config@1.0.1

🚀 Connect ModelGo to Claude Code & Codex in one step: paste your key and go

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `modelgo-config` or `mgc`.
Impact
May modify Claude Code/Codex configuration via zcf and store/use the supplied ModelGo API key.
Mechanism
user-invoked agent config wrapper around `npx zcf init`
Policy narrative
When run, the CLI prompts for or accepts a ModelGo API key, optionally verifies it against ModelGo `/models`, then runs `npx -y zcf init` for Claude Code and/or Codex with custom provider URLs. The package itself does not implement hidden file harvesting, persistence, or install-time mutation, but it relies on a runtime-fetched zcf tool to write agent configs.
Rationale
The package is not malicious because the agent configuration behavior is explicit, user-invoked, and package-aligned, with no install hook or covert exfiltration found. The unpinned runtime `npx zcf` delegation and credential-bearing agent config writes leave enough agent-facing risk to warn rather than mark fully clean.
Evidence
package.json, dist/index.js, README.md, ~/.claude/settings.json, ~/.codex/config.toml, ~/.codex/auth.json
Network endpoints (4)
api.modelgo.ai, api.modelgo.ai/v1, api.modelgo.com, api.modelgo.com/v1

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/index.js invokes `npx -y zcf init` at CLI runtime, not as a dependency-pinned library.
  • README.md states zcf writes Claude Code `~/.claude/settings.json` and Codex `~/.codex/config.toml`/`auth.json` with the supplied API key.
  • dist/index.js sends bearer API key to ModelGo `/v1/models` for verification.
Evidence against
  • package.json has no install/postinstall/prepare lifecycle hook; `prepublishOnly` only builds before publishing.
  • dist/index.js behavior is behind explicit bin/CLI execution and matches README purpose.
  • No code reads broad files, environment secrets, shell profiles, VCS hooks, or persistence locations directly.
  • Network endpoints are ModelGo API hosts aligned with package documentation.
Behavioral surface
Source: Filesystem, Network, Shell
Supply chain: Url Strings
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 5.70 KB of source, external domains: api.modelgo.ai, api.modelgo.com

Source & flagged code

2 flagged
dist/index.js
  L4: import * as p from "@clack/prompts";
  L5: import { execa } from "execa";
  L6: import pc from "picocolors";
High
Shell

Package source references shell execution.

dist/index.js · L4
  L68: ${pc.bold("\u7528\u6CD5")}
  L69: npx -y modelgo-config \u4EA4\u4E92\u5F0F\uFF0C\u9009\u62E9\u7AD9\u70B9 + \u7C98\u8D34 Key
  L70: npx -y modelgo-config -k sk-xxx \u5E26 Key\uFF0C\u4ECD\u4F1A\u4EA4\u4E92\u9009\u62E9\u7AD9\u70B9
  ...
  L83: async function runZcf(codeType, baseUrl, key, verbose) {
  L84:   await execa(
  L85:     "npx",
High
Runtime Package Install

Package source invokes a package manager install command at runtime.

dist/index.js · L68

Findings

2 High, 1 Medium, 4 Low
  • High: Shell (dist/index.js)
  • High: Runtime Package Install (dist/index.js)
  • Medium: Network
  • Low: Non Install Lifecycle Scripts
  • Low: Scripts Present
  • Low: Filesystem
  • Low: Url Strings