registry  /  yuan-asset-cli  /  0.1.0

yuan-asset-cli@0.1.0

固定资产管理命令行工具,支持资产新增、查询、调拨、借用、派发等操作,对 AI Agents 友好。

AI Security Review

scanned 3h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The package is a CLI for asset-management API calls against a user-supplied server, with local configuration handling for login/profile settings.

Static reason
One or more suspicious static signals were detected.
Trigger
User invokes yuan-asset CLI commands such as login, asset, consumable, base, or config.
Impact
Sends user-provided credentials and command payloads to the configured asset-management server; no hidden exfiltration or install-time mutation found.
Mechanism
User-directed API client and local CLI configuration
Rationale
Static inspection shows suspicious primitives are aligned with the advertised CLI: environment credentials, fetch requests to a configured server, and config persistence for login/profile commands. The scanner's child_process signal is from bundled commander internals rather than a concrete malicious execution path.
Evidence
package.jsonbin/yuan-asset.jsdist/index.jsREADME.md
Network endpoints2
<user-supplied server>/auth/login/open_token<user-supplied server>/open/*

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall lifecycle hooks.
    • bin/yuan-asset.js only imports ../dist/index.js as the CLI entrypoint.
    • dist/index.js network calls use user-configured server URL plus package API paths such as /auth/login/open_token and /open/* asset endpoints.
    • Credential env vars YUAN_ASSET_URL/YUAN_ASSET_APP_KEY/YUAN_ASSET_APP_SECRET are used for explicit login/config behavior documented in README.md.
    • child_process references are from bundled commander subcommand support, with no package-defined executable subcommands found.
    • No evidence of credential harvesting, hardcoded exfiltration endpoint, install-time execution, persistence, destructive behavior, or AI-agent control-surface writes.
    Behavioral surface
    Source
    ChildProcessEnvironmentVarsFilesystemNetwork
    Supply chain
    HighEntropyStringsMinified
    ManifestNo manifest risk signals triggered.
    scanned 2 file(s), 113 KB of source

    Source & flagged code

    3 flagged · loading source
    dist/index.jsView file
    12(Did you mean one of ${X.join(", ")}?)`;if(X.length===1)return` L13: (Did you mean ${X[0]}?)`;return""}j2.suggestSimilar=P2});var c_=a((f2)=>{var x2=r("node:events").EventEmitter,o0=r("node:child_process"),X0=r("node:path"),P0=r("node:fs"),D=r("node... L14: - specify the name in Command constructor or using .name()`);if(R=R||{},R.isDefault)this._defaultCommandName=_._name;if(R.noHelp||R.hidden)_._hidden=!0;return this._registerCommand...
    High
    Child Process

    Package source references child process execution.

    dist/index.jsView on unpkg · L12
    12(Did you mean one of ${X.join(", ")}?)`;if(X.length===1)return` L13: (Did you mean ${X[0]}?)`;return""}j2.suggestSimilar=P2});var c_=a((f2)=>{var x2=r("node:events").EventEmitter,o0=r("node:child_process"),X0=r("node:path"),P0=r("node:fs"),D=r("node... L14: - specify the name in Command constructor or using .name()`);if(R=R||{},R.isDefault)this._defaultCommandName=_._name;if(R.noHelp||R.hidden)_._hidden=!0;return this._registerCommand... ... L25: Expecting one of '${M.join("', '")}'`);let X=`${_}Help`;return this.on(X,(Z)=>{let z;if(typeof R==="function")z=R({error:Z.error,command:Z.command});else z=R;if(z)Z.write(`${z} L26: `)}),this}_outputHelpIfRequested(_){let R=this._getHelpOption();if(R&&_.find((X)=>R.is(X)))this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)")}}function u_(_){... L27: GFS4: `),console.error(_)};if(!O[m]){if(Z_=global[m]||[],BM(O,Z_),O.close=function(_){function R(M,X){return _.call(O,M,function(Z){if(!Z)zM();if(typeof X==="function")X.apply(this... L28: ${AR}
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    dist/index.jsView on unpkg · L12
    12(Did you mean one of ${X.join(", ")}?)`;if(X.length===1)return` L13: (Did you mean ${X[0]}?)`;return""}j2.suggestSimilar=P2});var c_=a((f2)=>{var x2=r("node:events").EventEmitter,o0=r("node:child_process"),X0=r("node:path"),P0=r("node:fs"),D=r("node... L14: - specify the name in Command constructor or using .name()`);if(R=R||{},R.isDefault)this._defaultCommandName=_._name;if(R.noHelp||R.hidden)_._hidden=!0;return this._registerCommand... ... L26: `)}),this}_outputHelpIfRequested(_){let R=this._getHelpOption();if(R&&_.find((X)=>R.is(X)))this.outputHelp(),this._exit(0,"commander.helpDisplayed","(outputHelp)")}}function u_(_){... L27: GFS4: `),console.error(_)};if(!O[m]){if(Z_=global[m]||[],BM(O,Z_),O.close=function(_){function R(M,X){return _.call(O,M,function(Z){if(!Z)zM();if(typeof X==="function")X.apply(this... L28: ${AR}
    High
    Command Output Exfiltration

    Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.

    dist/index.jsView on unpkg · L12

    Findings

    3 High2 Medium3 Low
    HighChild Processdist/index.js
    HighSame File Env Network Executiondist/index.js
    HighCommand Output Exfiltrationdist/index.js
    MediumNetwork
    MediumEnvironment Vars
    LowScripts Present
    LowFilesystem
    LowHigh Entropy Strings