registry  /  publishport-opencli  /  1.8.5-pp.20

publishport-opencli@1.8.5-pp.20

Make any website or Electron App your CLI. AI-powered.

AI Security Review

scanned 1d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established by source inspection. The risky primitives are lifecycle-local setup, user-invoked adapter/plugin loading, browser automation, and package-aligned network/version checks.

Static reason
High-risk behavior combination matched malicious policy.; previous stored version diff introduced dangerous source
Trigger
global npm install, opencli runtime commands, or explicit adapter/browser actions
Impact
local OpenCLI state may be created or updated; no confirmed credential exfiltration, persistence, or destructive behavior beyond documented OpenCLI state management
Mechanism
package-aligned CLI setup and user-invoked browser/site automation
Rationale
Source inspection found high-risk primitives, but they are consistent with an OpenCLI browser/site automation package and gated by global install or explicit user commands. I did not find concrete unconsented exfiltration, malicious persistence, install-time payload download, or AI-agent control-surface mutation.
Evidence
package.jsonscripts/postinstall.jsscripts/fetch-adapters.jsdist/src/main.jsdist/src/discovery.jsdist/src/external.jsdist/src/update-check.jsdist/src/browser/article-extract.jsclis/segmentfault/article.jsdist/src/node-network.jsdist/src/browser/managed-chrome.jsdist/src/cli.js
Network endpoints7
127.0.0.1:19825/shutdownregistry.npmjs.org/@jackwener/opencli/latestapi.github.com/repos/jackwener/OpenCLI/releases?per_page=20segmentfault.com/writesegmentfault.com/gateway/imagesegmentfault.com/gateway/draftsegmentfault.com/gateway/article

Decision evidence

public snapshot
AI called this Clean at 82.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • package.json defines postinstall and preuninstall lifecycle hooks.
  • scripts/postinstall.js writes shell completion files and ~/.opencli/spotify.env only for global installs.
  • scripts/fetch-adapters.js can remove stale ~/.opencli/clis overrides on global/explicit first-run sync.
  • dist/src/discovery.js dynamically imports adapters/plugins from package and ~/.opencli at runtime.
  • clis/segmentfault/article.js mutates XMLHttpRequest.prototype inside the browser page during a user-invoked publish flow.
Evidence against
  • No install-time credential harvesting or outbound exfiltration found in inspected lifecycle scripts.
  • scripts/fetch-adapters.js comment and code state no network calls; it hashes packaged clis/ files and updates a local manifest.
  • Network calls in clis/segmentfault/article.js target segmentfault.com for the declared SegmentFault adapter and require --execute for write publishing.
  • dist/src/external.js parses install commands and rejects shell metacharacters before execFileSync.
  • dist/src/update-check.js only performs background version checks to npm registry and GitHub releases with cached local state.
  • dist/src/browser/article-extract.js uses new Function to load bundled Mozilla Readability sources for page extraction.
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedObfuscatedTelemetryUrlStrings
Manifest
NoLicense
scanned 1,556 file(s), 4.79 MB of source, external domains: 127.0.0.1, 36kr.com, a.example, account.dianping.com, accounts.douban.com, accounts.google.com, accounts.pixiv.net, accounts.spotify.com, admin.xiaoe-tech.com, api.bilibili.com, api.chess.com, api.coingecko.com, api.dictionaryapi.dev, api.fda.gov, api.github.com, api.juejin.cn, api.llama.fi, api.m.jd.com, api.manus.im, api.npmjs.org, api.nuget.org, api.openalex.org, api.osv.dev, api.ruguoapp.com, api.semanticscholar.org, api.slock.ai, api.spotify.com, api.stackexchange.com, api.tvmaze.com, api.xiaoyuzhoufm.com, api.zhihu.com, api.zsxq.com, api2.mubu.com, api2.openreview.net, apiv1.oschina.net, app.cj.sina.com.cn, app.slock.ai, appxxxx.h5.xet.citv.cn, archive.org, arxiv.org, assets.grok.com, auth.1point3acres.com, auth.band.us, auth.openai.com, azuresearch-usnc.nuget.org, baijiahao.baidu.com, bbs.hupu.com, bid.powerchina.cn, bizapi.csdn.net, blog.51cto.com

Source & flagged code

12 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js || true; node scripts/fetch-adapters.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js || true; node scripts/fetch-adapters.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
dist/src/external.jsView file
1import*as Q from"node:fs";import*as Y from"node:path";import*as V from"node:os";import{fileURLToPath as M}from"node:url";import{spawnSync as U,execFileSync as L}from"node:child_pro...
High
Child Process

Package source references child process execution.

dist/src/external.jsView on unpkg · L1
dist/src/browser/article-extract.jsView file
1import*as j from"node:fs";import{createRequire as O}from"node:module";const v=O(import.meta.url);let Y=null;function U(){if(Y)return Y;const Q=v.resolve("@mozilla/readability/Reada... L2: `)}export async function extractArticle(Q,V={}){const Z=buildExtractArticleJs(V),W=await Q.evaluate(Z);if(W==null||typeof W!=="object")return null;const z=W;if(typeof z.html!=="str...
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/browser/article-extract.jsView on unpkg · L1
dist/src/discovery.jsView file
1import*as H from"node:fs";import*as G from"node:os";import*as Y from"node:path";import{fileURLToPath as F,pathToFileURL as v}from"node:url";import{Strategy as A,registerCommand as ... L2: `;try{if(await H.promises.readFile(x,"utf-8")!==B)await H.promises.writeFile(x,B,"utf-8")}catch{await H.promises.writeFile(x,B,"utf-8")}const V=L,q=Y.join(z,"node_modules","@jackwe...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/discovery.jsView on unpkg · L1
clis/flomo/memos.jsView file
1import{cli as y,Strategy as A}from"@jackwener/opencli/registry";import{ArgumentError as m,AuthRequiredError as l,CommandExecutionError as s,EmptyResultError as b}from"@jackwener/op... L2: (() => { ... L5: if (!raw) return null; L6: const me = JSON.parse(raw); L7: const token = me?.access_token || me?.data?.access_token || ''; ... L12: })() L13: `}function P(t){return/auth|unauth|login|token|permission|forbidden|unauthorized|登录|登陆|鉴权|权限/i.test(String(t||""))}function $(t){if(!Array.isArray(t))return"";return t.map((e)=>{if...
Low
Weak Crypto

Package source references weak cryptographic algorithms.

clis/flomo/memos.jsView on unpkg · L1
scripts/postinstall.jsView file
7* standard completion directory. For zsh and bash, the script prints manual L8: * instructions instead of modifying rc files (~/.zshrc, ~/.bashrc) — this L9: * avoids breaking multi-line shell commands and other fragile rc structures. ... L60: function detectShell() { L61: const shell = process.env.SHELL || ''; L62: if (shell.includes('zsh')) return 'zsh'; ... L77: // Skip in CI environments L78: if (process.env.CI || process.env.CONTINUOUS_INTEGRATION) { L79: return; ... L93: L94: const home = homedir(); L95:
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/postinstall.jsView on unpkg · L7
dist/src/browser/managed-chrome.jsView file
1import{execFileSync as R}from"node:child_process";import*as B from"node:fs";import*as W from"node:path";import{request as x}from"node:http";import{WebSocket as T}from"ws";import{pr...
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/src/browser/managed-chrome.jsView on unpkg · L1
dist/src/launcher.jsView file
1import{execFileSync as G,spawn as w}from"node:child_process";import{request as D}from"node:http";import*as K from"node:path";import{getElectronApp as U}from"./electron-apps.js";imp... L2: ${j(X,J)} L3: `+` • Set OPENCLI_CDP_ENDPOINT=http://127.0.0.1:${J} L4: `+` • Or just re-run the command once ${X} is listening on port ${J}.`);if(detectProcess(W)){H.debug(`[launcher] ${X} is running but CDP not available`);if(!await q(`${X} is runni... L5: `);await killProcess(W)}const B=discoverAppPath(X);if(!B)throw new $(`Could not find ${X} on this machine.`,`Install ${X} or register a custom path in ~/.opencli/apps.yaml`);const ...
High
Command Output Exfiltration

Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

dist/src/launcher.jsView on unpkg · L1
clis/segmentfault/article.jsView file
1import{CliError as O,CommandExecutionError as v}from"@jackwener/opencli/errors";import{cli as y,Strategy as C}from"@jackwener/opencli/registry";import{publishArticle as p}from"../_... L2: </script>`,U);if(T!==-1)try{const V=JSON.parse(G.substring(U+_.length,T));Z=V&&V.global&&V.global.sessionInfo&&V.global.sessionInfo.key}catch(V){}}}if(!Z)throw Error("获取思否 session ... L3: </script>`,z);if(J!==-1)try{const K=JSON.parse(Z.substring(z+Q.length,J));M=K&&K.global&&K.global.sessionInfo&&K.global.sessionInfo.key}catch(K){}}}if(!M)return{ok:!1,stage:"token"...
Critical
Builtin Api Tampering Exfiltration

Source mutates builtin networking, serialization, module-loading, or filesystem APIs while forwarding data to an external endpoint.

clis/segmentfault/article.jsView on unpkg · L1
scripts/check-doc-coverage.shView file
path = scripts/check-doc-coverage.sh kind = build_helper sizeBytes = 2256 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-doc-coverage.shView on unpkg
dist/src/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = publishport-opencli@1.8.5-pp.14 matchedIdentity = npm:cHVibGlzaHBvcnQtb3BlbmNsaQ:1.8.5-pp.14 similarity = 0.908 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/src/cli.jsView on unpkg

Findings

2 Critical4 High7 Medium10 Low
CriticalBuiltin Api Tampering Exfiltrationclis/segmentfault/article.js
CriticalPrevious Version Dangerous Deltadist/src/cli.js
HighInstall Time Lifecycle Scriptspackage.json
HighChild Processdist/src/external.js
HighSame File Env Network Executiondist/src/browser/managed-chrome.js
HighCommand Output Exfiltrationdist/src/launcher.js
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/src/discovery.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencescripts/postinstall.js
MediumShips Build Helperscripts/check-doc-coverage.sh
MediumStructural Risk Force Deep Review
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/src/browser/article-extract.js
LowWeak Cryptoclis/flomo/memos.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings
LowNo License