// npm package
jishushell
JishuShell — Raspberry Pi server management panel (Core + Web UI)
weekly
31
monthly
487
versions
11
maintainers
1
license
Apache-2.0
first publish
2026-03-19
publisher
manager-aijishu
tarball
21,014,950 B
AUTO-PUBLISHED · 1 version indexed · latest published 2026-06-05
// exfil path
what is read → where it ships
steals
- ○ system info
sends to
- ⚙ curl | bash (fetches + executes remote payload)
// offending code · @0.6.5 · 3 files flagged
llm: malicious · 0.95→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
- @0.6.5 · AUTO-PUBLISHED · publisher: manager-aijishu · heuristic 55/100 · static flags 6 · llm malicious (0.95) via fast-track · install-scripts:postinstall · new-publisher:0d · mature-package · py-pip-install-runtime · reads-system-info · reads-env-vars · child-process-spawn · curl-pipe-bash · archive-then-upload
→ Static analyzer matched curl-pipe-bash: unambiguous remote-code-execution shape in the install path.
// offending code · 3 files flagged · patterns: 6
--- install scripts --- ### postinstall bash install/post-install.sh ### prepare git config core.hooksPath .githooks 2>/dev/null || true ### prepublishOnly npm run build && chmod +x dist/cli.js --- package/templates/hermes-entrypoint.sh (excerpt) --- #!/bin/bash # JishuShell Hermes entrypoint shim. # Wraps ghcr.io/x-aijishu/hermes-runtime:latest for per-instance upgrades. # # Business logic mirrors OpenClaw's update-seed pattern # (src/services/runtime/adapters/openclaw.ts:ensureOpenclawUpdateSeed): # 1. Baseline runtime is baked into the image (/opt/hermes). # 2. A persistent venv lives on the bind-mounted agent-home # (${HERMES_HOME}/.venv) and is seeded from the image on first boot. # 3. In-container `uv pip install --upgrade ...` writes to the persistent # venv, so after `docker restart` the instance boots the upgraded # version — exactly like `npm install openclaw@latest` on OpenClaw. # # Implements §32.1 decisions from docs/multi-agent-runtime-generalization-plan.md: # §32.1.2 — incomplete venv recovery via .installed-ref sentinel # §32.1.3 — baseline mode detected by ABSENCE of JISHUSHELL_HERMES_SOURCE_REF env, # not by any literal "image-baseline" string set -e IMAGE_INSTALL_DIR=/opt/hermes IMAGE_VENV_DIR=/opt/hermes/.venv HERMES_HOME=/opt/data PERSISTENT_VENV_DIR=/opt/data/.venv OVERLAY_DIR=/opt/data/hermes-overlay # ── UID/GID remap (keep bind-mount permissions controllable) ────────────────── if [ "$(id -u)" = "0" ]; then if [ -n "$HERMES_UID" ] && [ "$HERMES_UID" != "$(id -u hermes)" ]; then echo "[jishushell-shim] remapping hermes uid → $HERMES_UID" usermod -u "$HERMES_UID" hermes fi if [ -n "$HERMES_GID" ] && [ "$HERMES_GID" != "$(id -g hermes)" ]; then --- package/scripts/build-local.sh (excerpt) --- #!/usr/bin/env bash # scripts/build-local.sh — Build Docker images locally for development/testing. 
# Usage: # ./scripts/build-local.sh openclaw # Build OpenClaw runtime image # ./scripts/build-local.sh hermes # Build Hermes runtime image # ./scripts/build-local.sh all # Build all images # PLATFORM=linux/arm64 ./scripts/build-local.sh openclaw # Build for specific platform set -euo pipefail cd "$(dirname "$0")/.." PLATFORM="${PLATFORM:-linux/$(dpkg --print-architecture 2>/dev/null || uname -m)}" build_openclaw() { local version="${OPENCLAW_VERSION:-latest}" echo "==> Building OpenClaw runtime image (version=${version}, platform=${PLATFORM})" docker build \ -f Dockerfile.openclaw-slim \ --build-arg "OPENCLAW_VERSION=${version}" \ --platform "${PLATFORM}" \ -t "jishushell-openclaw:${version}" \ -t "jishushell-openclaw:latest" \ . echo "==> Done: jishushell-openclaw:${version}" } build_hermes() { local hermes_ref="${HERMES_REF:-main}" local tag="${HERMES_TAG:-local}" echo "==> Building Hermes runtime image (ref=${hermes_ref}, tag=${tag}, platform=${PLATFORM})" docker build \ -f Dockerfile.hermes-slim \ --build-arg "HERMES_REF=${hermes_ref}" \ --platform "${PLATFORM}" \ -t "jishushell-hermes:${tag}" \ -t "jishushell-hermes:latest" \ . echo "==> Done: jishushell-hermes:${tag}" } case "${1:-all}" in openclaw) build_openclaw ;; hermes) build_hermes ;; all) --- package/scripts/check-adapter-isolation.ts (excerpt) --- #!/usr/bin/env -S node --experimental-strip-types /** * check-adapter-isolation — §32.2.1 static enforcement + §30.3 fixtures. * * Two invariants: * * 1. Core framework files never import from * `src/services/runtime/adapters/*`. Adapters load exclusively through * `src/services/runtime/index.ts` side-effect imports, and framework * code reaches adapters through `getAdapter(kind)` only. * * 2. Fixture `instance.json` samples under * `scripts/fixtures/instances/<name>/` satisfy the minimum meta * contract: `id`, `name`, resolvable agent discriminator, and * (for Hermes) the required `paths.agentHome` / `paths.primaryConfig` * / `paths.secretEnv` entries. 
Legacy openclaw samples round-trip * through `backfillInstanceMeta` to `agentType="openclaw"`. * * Run via `npm run check:contracts`. Exits non-zero on violation. */ import { readFileSync, readdirSync, statSync } from "node:fs"; import { resolve } from "node:path"; const REPO_ROOT = resolve(import.meta.dirname ?? ".", ".."); /** * Files that must not import any specific adapter directly. Matches the * list in docs/multi-agent-runtime-generalization-plan.md §32.2.1. */ const CORE_FILES = [ "src/services/instance-manager.ts", "src/services/nomad-manager.ts", "src/services/setup-manager.ts", "src/services/backup-manager.ts", "src/services/llm-proxy/index.ts", "src/routes/instances.ts", "src/routes/setup.ts", "src/server.ts", ] as const; /** * Re
