registry  /  publishport-opencli  /  1.8.5-pp.7

publishport-opencli@1.8.5-pp.7

Make any website or Electron App your CLI. AI-powered.

AI Security Review

scanned 3d ago · by lpm-firewall-ai

No confirmed malicious attack surface was established. The package has install/runtime filesystem writes, network checks, dynamic plugin loading, and child process use, but they are aligned with a CLI/browser automation tool and are mostly user-invoked or scoped to OpenCLI state.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
global npm install, opencli runtime, or explicit opencli plugin/external command
Impact
Creates completions/templates and manages OpenCLI cache/plugins; no source evidence of unconsented exfiltration, persistence, destructive system modification, or AI-agent hijack.
Mechanism
package-aligned setup, update checks, adapter/plugin management
Rationale
Static inspection found risky primitives, but they are explainable by OpenCLI's advertised CLI/plugin/browser functionality and no concrete malicious behavior was found. Lifecycle scripts do not exfiltrate secrets or mutate AI-agent control surfaces, and the test secret is non-live example data.
Evidence
package.jsonscripts/postinstall.jsscripts/fetch-adapters.jsdist/src/main.jsdist/src/discovery.jsdist/src/update-check.jsdist/src/plugin.jsdist/src/external.jsclis/douyin/_shared/tos-upload-short-read.test.js~/.zsh/completions/_opencli~/.bash_completion.d/opencli~/.config/fish/completions/opencli.fish~/.opencli/spotify.env~/.opencli/clis~/.opencli/update-check.json~/.opencli/plugins~/.opencli/monorepos
Network endpoints4
127.0.0.1:19825/shutdownregistry.npmjs.org/@jackwener/opencli/latestapi.github.com/repos/jackwener/OpenCLI/releases?per_page=20github.com/*

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • postinstall writes user completion files and ~/.opencli/spotify.env on global install
  • scripts/fetch-adapters.js can delete stale OpenCLI overrides under ~/.opencli/clis
  • runtime imports user plugins/adapters from ~/.opencli and plugin install can clone git repos when invoked
Evidence against
  • package.json postinstall is best-effort and gated to completion/setup scripts, not credential harvesting
  • scripts/fetch-adapters.js states and implements no network calls; cleanup is scoped to OpenCLI cache/adapter paths
  • dist/src/update-check.js only fetches npm/GitHub release metadata and writes ~/.opencli/update-check.json
  • dist/src/plugin.js git clone/npm install/esbuild behavior is behind explicit opencli plugin commands
  • scanner secret in clis/douyin/_shared/tos-upload-short-read.test.js is AWS example test data
  • no AGENTS/CLAUDE/Cursor control-surface files found in package
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
Supply chain
HighEntropyStringsTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 2,100 file(s), 11.3 MB of source, external domains: 127.0.0.1, 36kr.com, a.com, a.example, a9.com, aave.com, account.dianping.com, accounts.douban.com, accounts.google.com, accounts.pixiv.net, accounts.spotify.com, admin.xiaoe-tech.com, ads.example, api.bilibili.com, api.chess.com, api.coingecko.com, api.dictionaryapi.dev, api.example.com, api.fda.gov, api.github.com, api.grok.com, api.juejin.cn, api.llama.fi, api.m.jd.com, api.manus.im, api.npmjs.org, api.nuget.org, api.openalex.org, api.osv.dev, api.platform.com, api.ruguoapp.com, api.semanticscholar.org, api.site.com, api.slock.ai, api.spotify.com, api.stackexchange.com, api.test, api.tvmaze.com, api.xiaoyuzhoufm.com, api.zhihu.com, api.zsxq.com, api2.mubu.com, api2.openreview.net, apiv1.oschina.net, app.cj.sina.com.cn, app.example, app.slock.ai, app.xiaoe-tech.com, appaaa.h5.xet.citv.cn, appxxxx.h5.xet.citv.cn

Source & flagged code

15 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.js || true; node scripts/fetch-adapters.js || true
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.js || true; node scripts/fetch-adapters.js || true
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg
clis/douyin/_shared/tos-upload-short-read.test.jsView file
47patternName = aws_access_key severity = critical line = 47 matchedText = access_k...LE',
Critical
Critical Secret

Package contains a critical-looking secret pattern.

clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L47
47patternName = aws_access_key severity = critical line = 47 matchedText = access_k...LE',
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js

clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L47
67patternName = aws_access_key severity = critical line = 67 matchedText = access_k...LE',
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload-short-read.test.js

clis/douyin/_shared/tos-upload-short-read.test.jsView on unpkg · L67
dist/src/weixin-download.test.jsView file
22const mod = await loadModule(); L23: const extractInPage = eval(mod.buildExtractWechatPublishTimeJs()); L24: expect(extractInPage('', 'var create_time = "1711291080";')).toBe('2024-03-24 22:38:00');
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/src/weixin-download.test.jsView on unpkg · L22
dist/src/discovery.jsView file
181return; L182: await import(pathToFileURL(filePath).href).catch((err) => { L183: log.warn(`Failed to load module ${filePath}: ${getErrorMessage(err)}`);
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/src/discovery.jsView on unpkg · L181
clis/douban/utils.test.jsView file
109location: { L110: href: 'https://search.douban.com/movie/subject_search?search_text=%E5%B0%84%E9%9B%95%E8%8B%B1%E9%9B%84%E4%BC%A0', L111: origin: 'https://search.douban.com', ... L134: it('rejects non-http photo urls during promotion', () => { L135: expect(promoteDoubanPhotoUrl('data:image/gif;base64,abc')).toBe(''); L136: }); ... L449: // eslint-disable-next-line no-new-func L450: return new Function(`return (${fn.toString()})`)(); L451: }
Medium
Unsafe Vm Context

Package source executes code through a VM context API.

clis/douban/utils.test.jsView on unpkg · L109
clis/flomo/memos.jsView file
76params.sign = createHash('md5').update(signBase + '[redacted]').digest('hex'); L77: return 'https://flomoapp.com/api/v1/memo/updated/?' + new URLSearchParams(params).toString(); L78: } ... L85: if (!raw) return null; L86: const me = JSON.parse(raw); L87: const token = me?.access_token || me?.data?.access_token || '';
Low
Weak Crypto

Package source references weak cryptographic algorithms.

clis/flomo/memos.jsView on unpkg · L76
scripts/postinstall.jsView file
7* standard completion directory. For zsh and bash, the script prints manual L8: * instructions instead of modifying rc files (~/.zshrc, ~/.bashrc) — this L9: * avoids breaking multi-line shell commands and other fragile rc structures. ... L60: function detectShell() { L61: const shell = process.env.SHELL || ''; L62: if (shell.includes('zsh')) return 'zsh'; ... L77: // Skip in CI environments L78: if (process.env.CI || process.env.CONTINUOUS_INTEGRATION) { L79: return; ... L93: L94: const home = homedir(); L95:
Medium
Install Persistence

Source writes installer persistence such as shell profile or service configuration.

scripts/postinstall.jsView on unpkg · L7
scripts/check-doc-coverage.shView file
path = scripts/check-doc-coverage.sh kind = build_helper sizeBytes = 2256 magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

scripts/check-doc-coverage.shView on unpkg
dist/src/cli.jsView file
matchType = previous_version_dangerous_delta matchedPackage = publishport-opencli@1.8.5-pp.6 matchedIdentity = npm:cHVibGlzaHBvcnQtb3BlbmNsaQ:1.8.5-pp.6 similarity = 0.967 summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version.

dist/src/cli.jsView on unpkg
dist/src/observation/redaction.test.jsView file
28patternName = generic_password severity = medium line = 28 matchedText = password...D]',
Medium
Secret Pattern

Hardcoded password in dist/src/observation/redaction.test.js

dist/src/observation/redaction.test.jsView on unpkg · L28
clis/douyin/_shared/tos-upload.test.jsView file
149patternName = aws_access_key severity = critical line = 149 matchedText = access_k...LE',
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload.test.js

clis/douyin/_shared/tos-upload.test.jsView on unpkg · L149
166patternName = aws_access_key severity = critical line = 166 matchedText = expect(h...t');
Critical
Secret Pattern

AWS access key ID in clis/douyin/_shared/tos-upload.test.js

clis/douyin/_shared/tos-upload.test.jsView on unpkg · L166

Findings

6 Critical1 High9 Medium8 Low
CriticalCritical Secretclis/douyin/_shared/tos-upload-short-read.test.js
CriticalPrevious Version Dangerous Deltadist/src/cli.js
CriticalSecret Patternclis/douyin/_shared/tos-upload-short-read.test.js
CriticalSecret Patternclis/douyin/_shared/tos-upload-short-read.test.js
CriticalSecret Patternclis/douyin/_shared/tos-upload.test.js
CriticalSecret Patternclis/douyin/_shared/tos-upload.test.js
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumDynamic Requiredist/src/discovery.js
MediumUnsafe Vm Contextclis/douban/utils.test.js
MediumNetwork
MediumEnvironment Vars
MediumInstall Persistencescripts/postinstall.js
MediumShips Build Helperscripts/check-doc-coverage.sh
MediumStructural Risk Force Deep Review
MediumSecret Patterndist/src/observation/redaction.test.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowEvaldist/src/weixin-download.test.js
LowWeak Cryptoclis/flomo/memos.js
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings