github analyzed 1edb40f unconfirmed MCP

53AI/53AIHub

53AI Hub is an open-source AI portal, which enables you to quickly build a operational-level AI portal to launch and operate AI agents, prompts, and AI tools. It supports seamless integration with development platforms like Coze, Dify, FastGPT, RAGFlow.

maintainer: 53AI
license: NOASSERTION
first seen: 2026-06-01
last seen: 2026-06-04
releases · 30d: 0
short id

Drift inferred · capture-to-capture

HIGH 2026-06-14 code analysis flagged committed secret ×4, dynamic code execution ×17 in 53AI/53AIHub

capabilities0 tools

transport — counts 0 tools · 0 res · 0 prompts permission surface via code analysis

no tools enumerated yet for this server.

skills & danger signalsgithub-tarball

prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed commit 1edb40f · analyzer v17 · 1h ago

skills & prompt files 1

prompt-file53AI-53AIHub-1edb40f/web/console/src/components/Prompt/README.md

danger signals21

dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/dialogs/attachment/attachment.js:739var json = eval('(' + r.responseText + ')')
dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/dialogs/background/background.js:272var json = isJsonp ? r:eval('(' + r.responseText + ')');
dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/dialogs/image/image.js:973var json = isJsonp ? r : eval('(' + r.responseText + ')')
dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/dialogs/scrawl/scrawl.js:639responseObj = eval("(" + xhr.responseText + ")");
dynamic code executionnew Function()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/dialogs/wordimage/tangram.js:672callBack[index] = _createFunName(options[funName] || new Function());
dynamic code executionnew Function()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/jquery-1.10.2.js:569return ( new Function( "return " + data ) )();
dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/video-js/video.dev.js:7025j = eval('(' + text + ')');
dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/video-js/video.js:122if(/^[\],:{}\s]*$/.test(a.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,"]").replace(/(?:^|:|,)(?:\s*\[)+/g,"")))return
dynamic code executioneval()53AI-53AIHub-1edb40f/api/static/libs/js/vditor/dist/js/mathjax/sre/sre_browser.js:46goog.ASSUME_ES_MODULES_TRANSPILED=!1;goog.TRANSPILE_TO_LANGUAGE="";goog.TRANSPILER="transpile.js";goog.hasBadLetScoping=null;goog.useSafari10Workaround=function(){if(null==goog.hasBadLetScoping){try{v
dynamic code executioneval()53AI-53AIHub-1edb40f/web/console/public/UEditor/dialogs/attachment/attachment.js:739var json = eval('(' + r.responseText + ')')
dynamic code executioneval()53AI-53AIHub-1edb40f/web/console/public/UEditor/dialogs/background/background.js:272var json = isJsonp ? r:eval('(' + r.responseText + ')');
dynamic code executioneval()53AI-53AIHub-1edb40f/web/console/public/UEditor/dialogs/image/image.js:973var json = isJsonp ? r : eval('(' + r.responseText + ')')
dynamic code executioneval()53AI-53AIHub-1edb40f/web/console/public/UEditor/dialogs/scrawl/scrawl.js:639responseObj = eval("(" + xhr.responseText + ")");
dynamic code executionnew Function()53AI-53AIHub-1edb40f/web/console/public/UEditor/dialogs/wordimage/tangram.js:672callBack[index] = _createFunName(options[funName] || new Function());
dynamic code executionnew Function()53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/jquery-1.10.2.js:569return ( new Function( "return " + data ) )();
dynamic code executioneval()53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/video-js/video.dev.js:7023j = eval('(' + text + ')');
dynamic code executioneval()53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/video-js/video.js:122if(/^[\],:{}\s]*$/.test(a.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,"@").replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,"]").replace(/(?:^|:|,)(?:\s*\[)+/g,"")))return
committed secretcommitted .env53AI-53AIHub-1edb40f/api/docker/.env:1env file shipped with populated values
committed secretcommitted .env53AI-53AIHub-1edb40f/docker/.env:1env file shipped with populated values
committed secretcommitted .env53AI-53AIHub-1edb40f/web/console/.env:1env file shipped with populated values
committed secretcommitted .env53AI-53AIHub-1edb40f/web/front/.env:1env file shipped with populated values

code evidencevv0.1.9 · github-tarball

evidence-backed findings quoted directly from the published source artifact — not inferred

filesystem 5

fs 53AI-53AIHub-1edb40f/api/static/libs/js/vditor/dist/js/mathjax/sre/sre_browser.js :98 sre.SystemExternal.fs=sre.SystemExternal.documentSupported()?null:sre.SystemExternal.require("fs");sre.SystemExternal.url=sre.Variables.url;sre.SystemExternal.jsonPath=function(){return(sre.SystemExte
fs 53AI-53AIHub-1edb40f/web/console/vite.config.ts :2 import fs from 'fs'
fs 53AI-53AIHub-1edb40f/web/front/src/main/service/Bookmarks.ts :2 const fs = require('fs')
fs 53AI-53AIHub-1edb40f/web/front/src/main/service/FileSystem.ts :1 import fs from 'fs'
fs 53AI-53AIHub-1edb40f/web/front/vite.common.ts :10 import fs from 'fs'

shell / exec 3

shell 53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/dialogs/scrawl/scrawl.js :629 function exec(scrawlObj) {
shell 53AI-53AIHub-1edb40f/web/console/public/UEditor/dialogs/scrawl/scrawl.js :629 function exec(scrawlObj) {
shell 53AI-53AIHub-1edb40f/web/front/src/main/service/MouseEventsHandler.ts :7 import { spawn } from 'child_process'

network 18

net 53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/webuploader/webuploader.custom.js :2280 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/webuploader/webuploader.flashonly.js :2280 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/webuploader/webuploader.html5only.js :2474 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/webuploader/webuploader.min.bak.js :1 /* WebUploader 0.1.2 */!function(a,b){var c,d={},e=function(a,b){var c,d,e;if("string"==typeof a)return h(a);for(c=[],d=a.length,e=0;d>e;e++)c.push(h(a[e]));return b.apply(null,c)},f=function(a,b,c){2
net 53AI-53AIHub-1edb40f/api/static/libs/js/UEditor/third-party/webuploader/webuploader.withoutimage.js :2108 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/webuploader/webuploader.custom.js :2280 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/webuploader/webuploader.flashonly.js :2280 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/webuploader/webuploader.html5only.js :2474 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/webuploader/webuploader.min.bak.js :1 /* WebUploader 0.1.2 */!function(a,b){var c,d={},e=function(a,b){var c,d,e;if("string"==typeof a)return h(a);for(c=[],d=a.length,e=0;d>e;e++)c.push(h(a[e]));return b.apply(null,c)},f=function(a,b,c){2
net 53AI-53AIHub-1edb40f/web/console/public/UEditor/third-party/webuploader/webuploader.withoutimage.js :2108 * @grammar fetch( status ) => File
net 53AI-53AIHub-1edb40f/web/console/src/api/config.ts :1 import axios, { type AxiosRequestConfig, type AxiosResponse } from 'axios'
net 53AI-53AIHub-1edb40f/web/console/src/apis/index.ts :1 // import type { AxiosProgressEvent, GenericAbortSignal } from 'axios'
net 53AI-53AIHub-1edb40f/web/console/src/utils/cache.ts :608 * () => fetch('/api/user/123').then(res => res.json()),
net 53AI-53AIHub-1edb40f/web/console/src/utils/request/axios.ts :1 import axios, { type AxiosResponse } from 'axios'
net 53AI-53AIHub-1edb40f/web/console/src/utils/request/blob.ts :1 import axios from 'axios'
net 53AI-53AIHub-1edb40f/web/console/src/utils/request/index.ts :1 import type { AxiosProgressEvent, AxiosResponse, GenericAbortSignal } from 'axios'
net 53AI-53AIHub-1edb40f/web/front/src/renderer/main/api/config.ts :1 import axios, { type AxiosResponse, type AxiosRequestConfig } from 'axios'
net 53AI-53AIHub-1edb40f/web/front/src/renderer/main/api/modules/chat.ts :1 import type { AxiosRequestConfig } from 'axios'

secrets 1

secrets 53AI-53AIHub-1edb40f/web/front/src/renderer/main/api/signature.ts :6 const authkey = process.env.VITE_GLOB_AUTH_KEY as string

install hooks 1

postinstall 53AI-53AIHub-1edb40f/web/front/package.json :25 electron-builder install-app-deps

declared dependencies 52

@codemirror/state@^6.5.2
@codemirror/view@^6.38.1
@vue/reactivity@^3.4.24
@vueuse/core@^9.13.0
axios@^1.3.4
buffer@^6.0.3
codemirror@^6.0.2
cross-env@^7.0.3
element-plus@^2.9.5
hub-ui-x@^0.0.20
pinia@^2.3.1
sortablejs@^1.15.0
vue@~3.5.11
vue-codemirror@^6.1.1
vue-cropper@^1.0.9
vue-i18n@^9.2.2
vue-router@^4.2.5
@commitlint/cli@^17.4.4
@commitlint/config-conventional@^17.4.4
@rushstack/eslint-patch@^1.12.0
@types/node@^18.14.6
@vitejs/plugin-vue@^4.4.0
@vue/eslint-config-prettier@^9.0.0
@vue/eslint-config-typescript@^12.0.0
autoprefixer@^10.4.13
eslint@^8.35.0
eslint-config-airbnb-base@^15.0.0
eslint-plugin-import@^2.32.0
eslint-plugin-vue@^9.20.1
husky@^9.1.7
lint-staged@^16.1.2
npm-run-all@^4.1.5
postcss@^8.4.21
postcss-scss@^4.0.9
prettier@^3.6.2
rollup-plugin-visualizer@^5.11.0
sass@^1.62.1
stylelint@^16.21.0
stylelint-config-html@^1.1.0
stylelint-config-recommended-vue@^1.6.1
stylelint-config-standard@^38.0.0
tailwindcss@^3.2.7
typescript@~4.9.5
unplugin-auto-import@^0.15.3
unplugin-icons@^0.18.1
unplugin-vue-components@^0.24.1
vite@^4.4.11
vite-plugin-pwa@^0.14.4
vite-plugin-svg-icons@^2.0.1
vite-plugin-top-level-await@^1.4.4
vite-plugin-wasm@^3.3.0
vue-tsc@^1.8.16