ai-director
Audited by Socket on Apr 3, 2026
3 alerts found:
Anomaly, Security x2
No direct evidence in this module of covert malware behavior (no backdoor networking, keylogging, or self-propagation observed). The dominant security concerns are (1) use of child_process.execSync with a command string interpolating SYNC_SCRIPT (must be verified as a trusted, non-influenceable constant to avoid local RCE/supply-chain issues), and (2) persistent storage of a sensitive API key on disk plus potential exposure of partial server response content in parse error messages. Review the definitions/control of ACCOUNT_PATH and SYNC_SCRIPT and the implementation of config-loader to confirm they cannot be influenced by attackers.
No clear overt malware/backdoor behavior is evident in this module by itself. The dominant security finding is a high-impact command-injection vulnerability: it uses execSync with shell-interpreted command strings constructed from user-controlled prompt/style (and potentially evaluator-derived prompt changes), enabling arbitrary OS command execution if an attacker can influence those inputs. There is also a conditional risk that untrusted videoUrl values are processed by qualityEvaluator with network effects, depending on that module’s implementation.
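SUSPICIOUS. The skill's overall purpose and its functionality are largely consistent, but the trust chain and data flow are not clean enough: the relationship between the publisher and the official X2C cannot be verified, the core API goes through a Supabase domain whose ownership has not been publicly confirmed, and users are required to hand their API key directly to the assistant, which persists it locally. No clear malicious exfiltration or hidden behavior was observed, so this looks more like a high-risk third-party integration skill than confirmed malware.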