registry  /  zmyt-cli  /  0.2.1

zmyt-cli@0.2.1

CLI tool for 智贸云图 (ZMYT) foreign trade SaaS platform REST APIs

AI Security Review

scanned 2h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. The package performs first-party AI-agent skill setup. Global npm install silently links packaged zmyt skills into ~/.agents/skills, but inspected skill content is package-aligned CRM CLI guidance rather than exfiltration or hijack logic.

Static reason
One or more suspicious static signals were detected.
Trigger
global npm install postinstall; explicit zmyt setup-skills command
Impact
ZMYT CRM skill becomes available to local AI agents; existing zmyt-* skill target may be overwritten
Mechanism
symlink packaged AI-agent skill directories into agent skill paths
Rationale
This is not confirmed malware, but the install-time mutation of an AI-agent skill directory creates lifecycle risk even though the installed skill is first-party and package-aligned. Treat as warn rather than publish block under the install control-surface policy.
Evidence
package.jsonscripts/postinstall.mjsbin/zmyt.mjsdist/index.jsskills/zmyt-crm/SKILL.mdREADME.md~/.agents/skills/zmyt-*~/.claude/skills/zmyt-*~/.cursor/skills/zmyt-*~/.hermes/skills/zmyt-*~/.zmyt/config.json~/.zmyt/access_token
Network endpoints2
trade.zhimaoyuntu.com/admin-api127.0.0.1:<port>/callback

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • package.json defines postinstall: node scripts/postinstall.mjs
  • scripts/postinstall.mjs global install creates symlinks from packaged skills/zmyt-* into ~/.agents/skills
  • scripts/postinstall.mjs may remove an existing ~/.agents/skills/zmyt-* target before replacing it
  • dist/index.js includes explicit setup-skills command for ~/.agents, ~/.claude, ~/.cursor, ~/.hermes skill dirs
Evidence against
  • Packaged skill content is ZMYT CRM command guidance, not prompt hijack or reviewer manipulation
  • CLI network endpoints are aligned to ZMYT SaaS: https://trade.zhimaoyuntu.com/admin-api and localhost OAuth callback
  • No child_process, eval/vm/Function, native binary loading, or remote payload execution found
  • Token storage and API use are user-invoked auth flows under ~/.zmyt
Behavioral surface
Source
EnvironmentVarsFilesystem
Supply chain
HighEntropyStringsMinifiedUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 115 KB of source, external domains: trade.zhimaoyuntu.com

Source & flagged code

2 flagged · loading source
package.jsonView file
scripts.postinstall = node scripts/postinstall.mjs
High
Install Time Lifecycle Scripts

Package defines install-time lifecycle scripts.

package.jsonView on unpkg
scripts.postinstall = node scripts/postinstall.mjs
Medium
Ambiguous Install Lifecycle Script

Install-time lifecycle script is not statically allowlisted and needs review.

package.jsonView on unpkg

Findings

1 High2 Medium4 Low
HighInstall Time Lifecycle Scriptspackage.json
MediumAmbiguous Install Lifecycle Scriptpackage.json
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings