prismstudio@0.1.4

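Multimodal generation console: one-click image / video / audio generation, compatible with mainstream domestic and international models, with a built-in WebUI for configuration and a playground.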

AI Security Review

scanned 28m ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a user-invoked MCP/WebUI media generation tool that stores user-provided provider credentials locally and calls selected model provider APIs.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs prismstudio, prismstudio --webui, or invokes its MCP media generation tools.
Impact
Expected provider API use and local media/config writes; no unconsented install-time or import-time behavior identified.
Mechanism
Local MCP server and loopback WebUI for image/video/audio generation.
Rationale
Static source inspection shows package-aligned, user-invoked MCP/WebUI media generation with local config/output persistence and expected provider API traffic. Scanner hits for network, env, and child_process are explained by provider calls, PRISMSTUDIO_CONFIG/PRISMSTUDIO_NO_OPEN, and opening a browser, with no concrete malicious behavior.
Evidence
package.json, dist/index.js, dist/webui/server.js, dist/config.js, dist/mcp-server.js, dist/persist.js, dist/engine/media-generation-engine.js, dist/engine/google-auth.js, ~/.prismstudio/config.json, $PRISMSTUDIO_CONFIG, ~/.prismstudio/playground, <outputDir>/generated-media
Network endpoints (11)
api.openai.com/v1, generativelanguage.googleapis.com, aiplatform.googleapis.com, oauth2.googleapis.com/token, ark.cn-beijing.volces.com/api/v3, open.bigmodel.cn/api/paas/v4, api.minimaxi.com/v1, dashscope.aliyuncs.com/api/v1, api.stability.ai/v2beta/stable-image/generate, tokenhub.tencentmaas.com/v1, api.klingai.com

Decision evidence

public snapshot
AI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
  • User-invoked MCP tools can read reference media paths, but readReferenceFiles confines relative/absolute inputs to ctx.outputDir when cwd is set.
  • WebUI stores API keys in plaintext config by design and exposes local /api/test, but binds only 127.0.0.1 and validates loopback Origin/Sec-Fetch.
  • WebUI export returns MCP config snippets for Claude/Cursor/Cline but does not write agent config files.
Evidence against
  • package.json has no install/postinstall hook; prepublishOnly only runs npm run build for publishers.
  • dist/index.js only starts stdio MCP mode or a --webui local server when explicitly run.
  • dist/webui/server.js child_process exec is limited to opening the local browser after --webui startup.
  • dist/config.js writes only PRISMSTUDIO_CONFIG or ~/.prismstudio/config.json; dist/persist.js writes generated media outputs.
  • Network calls in dist/engine/media-generation-engine.js target configured model provider APIs for media generation/polling/downloads.
  • No credential harvesting, persistence, destructive behavior, remote code execution, or unconsented AI-agent control-surface mutation found.
Behavioral surface
Source
ChildProcess, Crypto, EnvironmentVars, Filesystem, Network
Supply chain
HighEntropyStrings, Obfuscated, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 9 file(s), 307 KB of source, external domains: 127.0.0.1, aiplatform.googleapis.com, aistudio.google.com, api.klingai.com, api.minimaxi.com, api.openai.com, api.stability.ai, ark.cn-beijing.volces.com, bailian.console.aliyun.com, cloud.google.com, console.volcengine.com, dashscope.aliyuncs.com, generativelanguage.googleapis.com, github.com, klingai.com, oauth2.googleapis.com, open.bigmodel.cn, platform.minimax.io, platform.openai.com, platform.stability.ai, tokenhub.tencentmaas.com, www.googleapis.com, www.w3.org, your-gateway.com

Source & flagged code

3 flagged
dist/webui/server.js
L517: async function openBrowser(url) {
L518:     const { exec } = await import('node:child_process');
L519:     const cmd = process.platform === 'darwin'
High
Child Process

Package source references child process execution.

dist/webui/server.js · L517
L504: server.listen(port, '127.0.0.1', () => {
L505:     const url = `http://127.0.0.1:${port}`;
L506:     process.stderr.write(`\n[prismstudio] WebUI 已启动:${url}\n`);
...
L509:     // Try to open the browser automatically (non-critical, fails silently); CI/tests can disable this with PRISMSTUDIO_NO_OPEN=1.
L510:     if (process.env.PRISMSTUDIO_NO_OPEN !== '1')
L511:         openBrowser(url).catch(() => { });
...
L517: async function openBrowser(url) {
L518:     const { exec } = await import('node:child_process');
L519:     const cmd = process.platform === 'darwin'
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/webui/server.js · L504
L504: server.listen(port, '127.0.0.1', () => {
L505:     const url = `http://127.0.0.1:${port}`;
L506:     process.stderr.write(`\n[prismstudio] WebUI 已启动:${url}\n`);
L507:     process.stderr.write(`[prismstudio] 配置文件:${getConfigPath()}\n`);
...
L517: async function openBrowser(url) {
L518:     const { exec } = await import('node:child_process');
L519:     const cmd = process.platform === 'darwin'
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/webui/server.js · L504

Findings

3 High · 3 Medium · 6 Low
High · Child Process · dist/webui/server.js
High · Same File Env Network Execution · dist/webui/server.js
High · Command Output Exfiltration · dist/webui/server.js
Medium · Network
Medium · Environment Vars
Medium · Structural Risk Force Deep Review
Low · Non Install Lifecycle Scripts
Low · Scripts Present
Low · Filesystem
Low · Obfuscated
Low · High Entropy Strings
Low · Url Strings