// npm 패키지
@reconcrap/boss-recommend-mcp
Unified MCP pipeline for recommend-page filtering and screening on Boss Zhipin
주간
1,434
월간
7,547
버전
171
메인테이너
1
라이선스
MIT
최초 publish
2026-03-30
publisher
reconcrap
tarball
1,446,280 B
AUTO-PUBLISHED·6개 버전 인덱싱됨·최근 publish: 2026-06-05
// exfil path
what is read → where it shipssteals
- ○ home dir
- ○ system info
sends to
- ⚙ curl | bash(fetches + executes remote payload)
// offending code· @2.1.12· 3 files flagged
llm: malicious · 0.95→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
- @2.1.12··AUTO-PUBLISHED·publisher: reconcrapheuristic 55/100static flags 7llm malicious (0.95) via fast-trackinstall-scripts:postinstallnew-publisher:15dpopularity:highmature-packagehas-source-repopublic-github-pushchild-process-spawnreads-env-varsreads-homedirbase64-decodereads-system-infocurl-pipe-bash
→ 정적 분석기가 curl-pipe-bash 패턴 검출 — 설치 경로에 원격 코드 실행 형태가 그대로 드러남.
// offending code· 3 files flaggedpatterns: 7
--- install scripts --- ### postinstall node scripts/postinstall.cjs --- package/package.json (excerpt) --- { "name": "@reconcrap/boss-recommend-mcp", "version": "2.1.12", "description": "Unified MCP pipeline for recommend-page filtering and screening on Boss Zhipin", "keywords": [ "boss", "mcp", "codex", "recruiting", "boss-zhipin", "recommend" ], "type": "module", "main": "src/index.js", "bin": { "boss-recommend-mcp": "bin/boss-recommend-mcp.js" }, "scripts": { "start": "node src/index.js", "cli": "node src/cli.js", "install:local": "node src/cli.js install", "postinstall": "node scripts/postinstall.cjs", "test:parser": "node src/test-parser.js", "test:run-state": "node src/test-run-state.js", "test:cdp-browser": "node src/test-cdp-browser.js", "test:core-capture": "node src/test-core-capture.js", "test:core-cv-capture-target": "node src/test-core-cv-capture-target.js", "test:core-cv-acquisition": "node src/test-core-cv-acquisition.js", "test:core-greet-quota": "node src/test-core-greet-quota.js", "test:core-infinite-list": "node src/test-core-infinite-list.js", "test:core-reporting": "node src/test-core-reporting.js", "test:core-run": "node src/test-core-run.js", "test:core-screening": "node src/test-core-screening.js", "test:core-self-heal": "node src/test-core-self-heal.js", "test:installer-migration": "node src/test-installer-migration.js", "test:recommend-actions": "node src/test-recommend-actions.js", "test:recommend --- package/src/chat-mcp.js (excerpt) --- import fs from "node:fs"; import path from "node:path"; import process from "node:process"; import { spawn } from "node:child_process"; import { fileURLToPath } from "node:url"; import { assertNoForbiddenCdpCalls, bringPageToFront, connectToChromeTargetOrOpen, createBossLoginRequiredError, detectBossLoginState, enableDomains, getMainFrameUrl, isBossLoginUrl, waitForMainFrameUrl, sleep } from "./core/browser/index.js"; import { RUN_STATUS_CANCELING, RUN_STATUS_CANCELED, RUN_STATUS_COMPLETED, RUN_STATUS_FAILED, RUN_STATUS_PAUSED, RUN_STATUS_RUNNING } from "./core/run/index.js"; import { buildLegacyScreenInputRows, cloneReportInput, writeLegacyScreenCsv } from "./core/reporting/legacy-csv.js"; import { buildChatSelfHealConfig, HEALTH_STATUS, resolveChatSelfHealRoots, runSelfHealCheck } from "./core/self-heal/index.js"; import { CHAT_TARGET_URL, closeChatResumeModal, closeChatJobDropdown, createChatRunService, getChatRoots, isForbiddenChatResumeTopLevelUrl, readChatJobOptions, runChatWorkflow } from "./domains/chat/index.js"; import { buildTargetCountCompatibilityHints, getBossChatDataDir, getBossChatTargetCountValue, normalizeTargetCountInput, resolveBossConfiguredOutputDir, resolveBossChatRuntimeLayout, resolveHumanBehaviorForRun, resolveBossScreeningConfig } from "./chat-runtime-config.js"; import { DEFAULT_MAX_IMAGE_PAGES } from "./core/cv-acquisition/index.js"; const DEFAULT_CHAT_HOST = "127.0.0.1 --- package/src/cli.js (excerpt) --- import fs from "node:fs"; import os from "node:os"; import path from "node:path"; import process from "node:process"; import { spawn, spawnSync } from "node:child_process"; import { createRequire } from "node:module"; import { fileURLToPath } from "node:url"; import { assertNoForbiddenCdpCalls, bringPageToFront, connectToChromeTarget, enableDomains, ensureChromeDebugPort, getDocumentRoot, querySelector, sleep as sleepMs } from "./core/browser/index.js"; import { bossChatHealthCheckTool, cancelBossChatRunTool, getBossChatRunTool, pauseBossChatRunTool, prepareBossChatRunTool, resumeBossChatRunTool } from "./chat-mcp.js"; import { cancelRecommendPipelineRunTool, getRecommendPipelineRunTool, listRecommendJobsTool, pauseRecommendPipelineRunTool, prepareRecommendPipelineRunTool, resumeRecommendPipelineRunTool, startRecommendPipelineRunTool } from "./recommend-mcp.js"; import { getRecommendScheduledRunTool, scheduleRecommendPipelineRunTool } from "./recommend-scheduler.js"; import { getBossScreenConfigResolution, resolveBossChatRuntimeLayout as resolveCdpBossChatRuntimeLayout, resolveBossScreeningConfig } from "./chat-runtime-config.js"; import { startServer } from "./index.js"; const require = createRequire(import.meta.url); const currentFilePath = fileURLToPath(import.meta.url); const packageRoot = path.resolve(path.dirname(currentFilePath), ".."); const packageJsonPath = path.join(packageRoot,
