MAL-2026-3747
Malicious code in @aiscene/aiserver (npm)
Details
## Source: amazon-inspector (5afe7de709fb18909451ff49a02f133f248fb0dc0688709251c924038effc6dc)

On load, dist/index.js unconditionally instantiates `new AIServer()` and calls `server.start()` at module top level (no `require.main === module` guard), so simply running `node dist/index.js`, invoking the package's bin, or calling `require('@aiscene/aiserver')` from another module immediately launches a network-talking server in the consumer's process.

That server registers with the hardcoded URL `http://nethp-test.jd.com/rest/execution-nodes/register` (plain HTTP, not configurable in code) and continuously long-polls `http://nethp-test.jd.com/rest/execution-queue/tasks/next`. Tasks returned by that endpoint carry a `naturalLanguage`/`code` field, which dist/executor/code-executor.js compiles and runs via `new (async function(){}).constructor(instrumentedCode)` inside a forked worker; that is, arbitrary JavaScript supplied by the remote control plane is executed in the installer's process.

dist/node/service.js additionally POSTs the installer's `os.hostname()`, local non-internal IPv4 addresses from `os.networkInterfaces()`, and connected device info to the same host every ~30 seconds, with no opt-in or override.

Because the control-plane URL is hardcoded and served over plaintext HTTP, the control plane (and any on-path attacker on the network between the installer and that host) gains unauthenticated remote code execution on the machine of any non-JD installer.

dist/config/index.js and dist/.env also ship a hardcoded `modelservice.jdcloud.com` API key (`pk-485b2b56-...`) used as the default for three model slots; this is author self-harm against the author's own JD Cloud quota and is not the basis for the block.
Affected packages
No fixed version published yet for @aiscene/aiserver (npm). Pin to a known-safe version or switch to an alternative.
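
To check whether a project's dependency tree contains the package, directly or transitively, the following added example (not part of the advisory or of the package's code) scans a parsed `package-lock.json` in both the v1 nested format and the v2/v3 flat format. The sample lockfiles, the `example-agent-kit` and `ai-alias` names and the version strings are constructed for illustration.

```javascript
// Added example: locate @aiscene/aiserver in a parsed package-lock.json.
const TARGET = '@aiscene/aiserver';

// lockfileVersion 2/3: flat "packages" map keyed by install path.
// An aliased install keeps the real package name in the entry's "name".
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    const name = meta.name || path.split('node_modules/').pop();
    if (name === TARGET) hits.push({ path, version: meta.version || null });
  }
  return hits;
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function scanDependencyTree(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name === TARGET) hits.push({ path: here.join(' > '), version: meta.version || null });
    hits.push(...scanDependencyTree(meta.dependencies, here));
  }
  return hits;
}

function findAiserver(lock) {
  return lock.packages ? scanPackagesMap(lock.packages) : scanDependencyTree(lock.dependencies);
}

// Constructed sample lockfiles (names and versions are placeholders).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-agent-kit': { version: '2.1.0' },
    'node_modules/example-agent-kit/node_modules/@aiscene/aiserver': { version: '0.0.0-example' },
    'node_modules/ai-alias': { name: '@aiscene/aiserver', version: '0.0.0-example' },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'example-agent-kit': {
      version: '2.1.0',
      dependencies: { '@aiscene/aiserver': { version: '0.0.0-example' } },
    },
  },
};

console.log(findAiserver(SAMPLE_V3), findAiserver(SAMPLE_V1));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findAiserver`; any hit means the module would start its server as soon as it is loaded.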