publishport-opencli@1.8.5-pp.4

Make any website or Electron App your CLI. AI-powered.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The risky primitives are install-time local setup/migration and user-invoked adapter/plugin/browser automation features consistent with the package purpose.

Static reason
One or more suspicious static signals were detected; the previous stored version diff introduced dangerous source.
Trigger
global npm install/uninstall or explicit opencli command execution
Impact
Local OpenCLI config/completion files may be created or migrated; user commands may access configured web services.
Mechanism
CLI setup, adapter discovery, update checks, and user-requested automation
Rationale
Static inspection found lifecycle scripts and powerful CLI automation, but their behavior is package-aligned and either global-install setup/migration or user-invoked runtime functionality. No concrete malicious exfiltration, persistence, destructive action, or hidden AI-agent control-surface mutation was found.
Evidence
  • package.json
  • scripts/postinstall.js
  • scripts/fetch-adapters.js
  • dist/src/main.js
  • dist/src/discovery.js
  • dist/src/update-check.js
  • clis/bilibili/publish.js
  • clis/douyin/_shared/tos-upload-short-read.test.js
  • ~/.zsh/completions/_opencli
  • ~/.bash_completion.d/opencli
  • ~/.config/fish/completions/opencli.fish
  • ~/.opencli/spotify.env
  • ~/.opencli/adapter-manifest.json
  • ~/.opencli/clis
  • ~/.publishport/tools/biliup
  • ~/.publishport/bilibili/<account>.json
Network endpoints (4)
  • 127.0.0.1:19825/shutdown
  • registry.npmjs.org/@jackwener/opencli/latest
  • api.github.com/repos/jackwener/OpenCLI/releases?per_page=20
  • api.github.com/repos/biliup/biliup/releases/latest

Decision evidence

public snapshot
The AI classified this version as Clean (Benign) at 86.0% confidence, with medium false-positive risk.
Evidence for block
  • package.json defines install hooks: postinstall and preuninstall.
  • scripts/postinstall.js writes shell completions and ~/.opencli/spotify.env on global install.
  • scripts/fetch-adapters.js may delete stale ~/.opencli/clis overrides during global install.
  • clis/bilibili/publish.js downloads and executes biliup only for user-invoked bilibili publish/login commands.
Evidence against
  • dist/src/main.js is a CLI entrypoint; no install-time import of adapters beyond declared scripts.
  • postinstall.js skips non-global installs and CI, and writes completion/template files without credential harvesting.
  • fetch-adapters.js states no network calls and only hashes packaged clis before sparse cleanup.
  • clis/douyin/_shared/tos-upload-short-read.test.js contains example test credentials only.
  • Network endpoints are package-aligned: npm update check, GitHub releases, local daemon shutdown.
  • No evidence of exfiltration, persistence, destructive project writes, or unconsented AI-agent control mutation.
Behavioral surface
Source
ChildProcess, Crypto, DynamicRequire, EnvironmentVars, Eval, Filesystem, Network, Shell, WebSocket
Supply chain
HighEntropyStrings, Telemetry, UrlStrings
Manifest
No manifest risk signals triggered.
scanned 2,092 file(s), 11.2 MB of source.

Source & flagged code

16 flagged
scripts.postinstall = node scripts/postinstall.js || true; node scripts/fetch-adapters.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.json
scripts.postinstall = node scripts/postinstall.js || true; node scripts/fetch-adapters.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.json
L47: patternName = aws_access_key, severity = critical, line = 47, matchedText = access_k...LE',
Critical
Critical Secret

Package contains a critical-looking secret pattern.

clis/douyin/_shared/tos-upload-short-read.test.js · L47
L47: patternName = aws_access_key, severity = critical, line = 47, matchedText = access_k...LE',
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js

clis/douyin/_shared/tos-upload-short-read.test.js · L47
L67: patternName = aws_access_key, severity = critical, line = 67, matchedText = access_k...LE',
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js

clis/douyin/_shared/tos-upload-short-read.test.js · L67
L22: const mod = await loadModule();
L23: const extractInPage = eval(mod.buildExtractWechatPublishTimeJs());
L24: expect(extractInPage('', 'var create_time = "1711291080";')).toBe('2024-03-24 22:38:00');
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/weixin-download.test.js · L22
L181: return;
L182: await import(pathToFileURL(filePath).href).catch((err) => {
L183: log.warn(`Failed to load module ${filePath}: ${getErrorMessage(err)}`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/discovery.js · L181
L109: location: {
L110: href: 'https://search.douban.com/movie/subject_search?search_text=%E5%B0%84%E9%9B%95%E8%8B%B1%E9%9B%84%E4%BC%A0',
L111: origin: 'https://search.douban.com',
...
L134: it('rejects non-http photo urls during promotion', () => {
L135: expect(promoteDoubanPhotoUrl('data:image/gif;base64,abc')).toBe('');
L136: });
...
L449: // eslint-disable-next-line no-new-func
L450: return new Function(`return (${fn.toString()})`)();
L451: }
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

clis/douban/utils.test.js · L109
L76: params.sign = createHash('md5').update(signBase + '[redacted]').digest('hex');
L77: return 'https://flomoapp.com/api/v1/memo/updated/?' + new URLSearchParams(params).toString();
L78: }
...
L85: if (!raw) return null;
L86: const me = JSON.parse(raw);
L87: const token = me?.access_token || me?.data?.access_token || '';
Low
Weak Crypto

Package source references weak cryptographic algorithms.

clis/flomo/memos.js · L76
L7: * standard completion directory. For zsh and bash, the script prints manual
L8: * instructions instead of modifying rc files (~/.zshrc, ~/.bashrc) — this
L9: * avoids breaking multi-line shell commands and other fragile rc structures.
...
L60: function detectShell() {
L61: const shell = process.env.SHELL || '';
L62: if (shell.includes('zsh')) return 'zsh';
...
L77: // Skip in CI environments
L78: if (process.env.CI || process.env.CONTINUOUS_INTEGRATION) {
L79: return;
...
L93:
L94: const home = homedir();
L95:
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/postinstall.js · L7
L18: import * as path from 'node:path';
L19: import { execFileSync } from 'node:child_process';
L20: import { cli, Strategy } from '@jackwener/opencli/registry';
...
L23:
L24: const GITHUB_RELEASE_API = 'https://api.github.[redacted]';
L25:
L26: function biliupRoot() {
L27: return path.join(os.homedir(), '.publishport', 'tools', 'biliup');
L28: }
...
L30: function normalizeSystem() {
L31: const p = process.platform;
L32: if (p === 'darwin') return 'macos';
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

clis/bilibili/publish.js · L18
path = scripts/check-doc-coverage.sh, kind = build_helper, sizeBytes = 2256, magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-doc-coverage.sh
matchType = previous_version_dangerous_delta
matchedPackage = publishport-opencli@1.8.5-pp.7
matchedIdentity = npm:cHVibGlzaHBvcnQtb3BlbmNsaQ:1.8.5-pp.7
similarity = 0.958
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/src/cli.js
L28: patternName = generic_password, severity = medium, line = 28, matchedText = password...D]',
Medium
Secret Pattern

Hardcoded password in dist/src/observation/redaction.test.js

dist/src/observation/redaction.test.js · L28
L149: patternName = aws_access_key, severity = critical, line = 149, matchedText = access_k...LE',
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload.test.js

clis/douyin/_shared/tos-upload.test.js · L149
L166: patternName = aws_access_key, severity = critical, line = 166, matchedText = expect(h...t');
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload.test.js

clis/douyin/_shared/tos-upload.test.js · L166

Findings

6 Critical · 2 High · 9 Medium · 8 Low
  • Critical · Critical Secret · clis/douyin/_shared/tos-upload-short-read.test.js
  • Critical · Previous Version Dangerous Delta · dist/src/cli.js
  • Critical · Secret Pattern · clis/douyin/_shared/tos-upload-short-read.test.js
  • Critical · Secret Pattern · clis/douyin/_shared/tos-upload-short-read.test.js
  • Critical · Secret Pattern · clis/douyin/_shared/tos-upload.test.js
  • Critical · Secret Pattern · clis/douyin/_shared/tos-upload.test.js
  • High · Install Time Lifecycle Scripts · package.json
  • High · Sandbox Evasion Gated Capability · clis/bilibili/publish.js
  • Medium · Ambiguous Install Lifecycle Script · package.json
  • Medium · Dynamic Require · dist/src/discovery.js
  • Medium · Unsafe Vm Context · clis/douban/utils.test.js
  • Medium · Network
  • Medium · Environment Vars
  • Medium · Install Persistence · scripts/postinstall.js
  • Medium · Ships Build Helper · scripts/check-doc-coverage.sh
  • Medium · Structural Risk Force Deep Review
  • Medium · Secret Pattern · dist/src/observation/redaction.test.js
  • Low · Non Install Lifecycle Scripts
  • Low · Scripts Present
  • Low · Eval · dist/src/weixin-download.test.js
  • Low · Weak Crypto · clis/flomo/memos.js
  • Low · Filesystem
  • Low · High Entropy Strings
  • Low · Telemetry
  • Low · Url Strings