AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The risky primitives are install-time local setup/migration and user-invoked adapter/plugin/browser automation features consistent with the package purpose.
Decision evidence
public snapshot- package.json defines install hooks: postinstall and preuninstall.
- scripts/postinstall.js writes shell completions and ~/.opencli/spotify.env on global install.
- scripts/fetch-adapters.js may delete stale ~/.opencli/clis overrides during global install.
- clis/bilibili/publish.js downloads and executes biliup only for user-invoked bilibili publish/login commands.
- dist/src/main.js is a CLI entrypoint; no install-time import of adapters beyond declared scripts.
- postinstall.js skips non-global installs and CI, and writes completion/template files without credential harvesting.
- fetch-adapters.js states no network calls and only hashes packaged clis before sparse cleanup.
- clis/douyin/_shared/tos-upload-short-read.test.js contains example test credentials only.
- Network endpoints are package-aligned: npm update check, GitHub releases, local daemon shutdown.
- No evidence of exfiltration, persistence, destructive project writes, or unconsented AI-agent control mutation.
Source & flagged code
16 flagged · loading sourcePackage defines install-time lifecycle scripts.
package.jsonView on unpkgInstall-time lifecycle script is not statically allowlisted and needs review.
package.jsonView on unpkgPackage contains a critical-looking secret pattern.
clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L47AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js
clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L47AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js
clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L67Package source references a known benign dynamic code generation pattern.
dist/src/weixin-download.test.jsView on unpkg · L22Package source references dynamic require/import behavior.
dist/src/discovery.jsView on unpkg · L181Package source executes code through a VM context API.
clis/douban/utils.test.jsView on unpkg · L109Package source references weak cryptographic algorithms.
clis/flomo/memos.jsView on unpkg · L76Source writes installer persistence such as shell profile or service configuration.
scripts/postinstall.jsView on unpkg · L7Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
clis/bilibili/publish.jsView on unpkg · L18Package ships non-JavaScript build or shell helper files.
scripts/check-doc-coverage.shView on unpkgThis package version adds a dangerous source file absent from the previous stored version.
dist/src/cli.jsView on unpkgHardcoded password in dist/src/observation/redaction.test.js
dist/src/observation/redaction.test.jsView on unpkg · L28AWS access key ID in clis/douyin/_shared/tos-upload.test.js
clis/douyin/_shared/tos-upload.test.jsView on unpkg · L149AWS access key ID in clis/douyin/_shared/tos-upload.test.js
clis/douyin/_shared/tos-upload.test.jsView on unpkg · L166