registry  /  openyida  /  2026.7.12

openyida@2026.7.12

⚠ Under review

OpenYida CLI - 宜搭低代码 AI 开发工具(安装即用,零配置)

Static Scan Results

scanned 3h ago · by rust-scanner

Static analysis flagged 18 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 198 file(s), 3.28 MB of source, external domains: 127.0.0.1, api.dingtalk.com, api.example.com, applink.dingtalk.com, attend.dingtalk.com, cdn.example.com, cdn.jsdelivr.net, demo.aliwork.com, docs.aliwork.com, dws.company.com, esm.sh, example.com, g.alicdn.com, geo.datav.aliyun.com, github.com, img.alicdn.com, login.dingtalk.com, login.dingtalk.io, login.example.test, openyida.ai, raw.githubusercontent.com, registry.npmjs.org, schemas.openxmlformats.org, www.aliwork.com, www.w3.org, www.yidaapps.com, yida-group.alibaba-inc.com, yida.company.com, yidalogin.aliwork.com

Source & flagged code

10 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
yida-skills/skills/sls-log-workbench/sls-query.jsView file
80try { L81: const openyidaBin = require('child_process') L82: .execSync('which openyida', { encoding: 'utf-8' })
High
Child Process

Package source references child process execution.

yida-skills/skills/sls-log-workbench/sls-query.jsView on unpkg · L80
lib/app/create-form.jsView file
3245var fields = openyidaRuleCollectFields(ctx, event); L3246: return (new Function('value', 'fields', 'event', 'ctx', 'return (' + rule.expression + ');'))(sourceValue, fields, event || {}, ctx); L3247: }
Low
Eval

Package source references a known benign dynamic code generation pattern.

lib/app/create-form.jsView on unpkg · L3245
bin/yida.jsView file
12L13: const { version: currentVersion } = require('../package.json'); L14: const { t } = require('../lib/core/i18n');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

bin/yida.jsView on unpkg · L12
lib/feedback/feedback.jsView file
5const crypto = require('crypto'); L6: const { spawnSync } = require('child_process'); L7: ... L47: function printUsage() { L48: process.stderr.write(` L49: 用法: ... L322: function resolveCliPath() { L323: return path.join(__dirname, '..', '..', 'bin', 'yida.js'); L324: } ... L330: env: { L331: ...process.env, L332: YIDA_QUIET: '1',
Low
Weak Crypto

Package source references weak cryptographic algorithms.

lib/feedback/feedback.jsView on unpkg · L5
scripts/eval/dashboard/server.jsView file
6L7: const http = require('http'); L8: const fs = require('fs'); L9: const path = require('path'); L10: const { spawn } = require('child_process'); L11: ... L13: const HOST = '127.0.0.1'; L14: const PORT = Number(process.env.EVAL_DASHBOARD_PORT || process.argv[2] || 4500); L15:
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

scripts/eval/dashboard/server.jsView on unpkg · L6
lib/dws/dws-wrapper.jsView file
12L13: const { execSync, spawn } = require('child_process'); L14: const { t } = require('../core/i18n'); ... L18: const INSTALL_SCRIPTS = { L19: unix: 'curl -fsSL https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.sh | sh', L20: windows: 'irm https://raw.githubusercontent.com/DingTalk-Real-AI/dingtalk-workspace-cli/main/scripts/install.ps1 | iex' ... L28: try { L29: const command = process.platform === 'win32' ? 'where' : 'which'; L30: execSync(`${command} ${DWS_BINARY_NAME}`, { stdio: 'ignore' }); ... L115: input: process.stdin, L116: output: process.stdout L117: });
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

lib/dws/dws-wrapper.jsView on unpkg · L12
scripts/postinstall.jsView file
11Install-time AI-agent control hijack evidence: L11: * 正确的 skills 安装路径(所有工具统一使用 skills/ 子目录): L12: * ~/.claude/skills/yida-skills/ ← <package>/yida-skills (copy) L13: * ~/.codex/skills/yida-skills/ ← <package>/yida-skills (copy) L14: * ~/.opencode/skills/yida-skills/ ← <package>/yida-skills (copy) L15: * ~/.aone_copilot/skills/yida-skills/ ← <package>/yida-skills (copy) ... L53: if (!fs.existsSync(src)) {return;} L54: fs.mkdirSync(dest, { recursive: true }); L55: const entries = fs.readdirSync(src, { withFileTypes: true }); ... L61: } else { L62: fs.copyFileSync(srcPath, destPath); L63: } ... L70: function writeJsonFile(filePath, data) { Payload evidence from yida-skills/SKILL.md: L144: 3. **发布前本地校验**:native `.oyd.jsx` / `.jsx` 页面发布前跑 `openyida check-page` + `openyida compile`;Code Canvas `.canvas.jsx` 不跑这两个 native 检查,改由 `openyida publish` 的 Canvas 编译阶段或 `compileC... L145: 4. **命令输入文件禁止 shell 写入**:当 OpenYida 命令需要 JSON/YAML/CSV/config/script 文件参数时,先使用当前 agent 运行时提供的结构化文件写入工具(如 create_file / Write / file edit tool)创建文件,再把路径传给命令;禁止用 shell heredoc、`cat`/... L146:
Critical
Ai Agent Control Hijack

Install-time source drops package-supplied AI-agent/MCP control files or instructions.

scripts/postinstall.jsView on unpkg · L11
scripts/demo-dws.shView file
path = scripts/demo-dws.sh kind = build_helper sizeBytes = 3040 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/demo-dws.shView on unpkg

Findings

1 Critical5 High6 Medium6 Low
CriticalAi Agent Control Hijackscripts/postinstall.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processyida-skills/skills/sls-log-workbench/sls-query.js
HighShell
HighSame File Env Network Executionscripts/eval/dashboard/server.js
HighSandbox Evasion Gated Capabilitylib/dws/dws-wrapper.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requirebin/yida.js
MediumNetwork
MediumEnvironment Vars
MediumShips Build Helperscripts/demo-dws.sh
MediumStructural Risk Force Deep Review
LowScripts Present
LowEvallib/app/create-form.js
LowWeak Cryptolib/feedback/feedback.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings