AI 低代码平台「低代码 + 零代码」双驱动!低代码可一键生成前后端代码;零代码可 5 分钟搭建系统;AI Skills 一句话画流程、设计表单、生成整套系统。内置 AI聊天、知识库、流程编排、MCP插件等,兼容主流大模型。引领「AI 生成 → 在线配置 → 代码生成 → 手工合并->AI修改」开发模式,消除 Java 项目 80% 的重复工作,提效而不失灵活。
- capability exposureinferred+22
- recent driftinferred+12
- tool safetyinferred+12
- trust mitigatorsmixed−8
inferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 12m ago · see ecosystem CVEs →
- A · 0 → C · 38
no known CVEs for this server.
- highdangerous code
committed secret: OpenAI key, committed .env · dynamic exec: new Function()
analyzed commit b0990c0 · analyzer v17 · 2h ago
skills & prompt files 2
danger signals14
- dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/resources/static/generic/build/pdf.js:6598
this.compiledGlyphs[character] = new Function('c', 'size', js); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/hooks/jeecg/useAdaptiveWidth.ts:44
let flag = new Function(`return ${innerWidth} ${key}`)(); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/router/helper/routeHelper.ts:47
item.meta.title = new Function('t', `return ${item.meta.title}`)(t); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/utils/common/compUtils.ts:594
item.slotTitle = new Function('t', `return ${item.slotTitle}`)(t); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/utils/index.ts:434
return new Function(`return ${str}`)(); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/views/super/online/cgform/hooks/auto/useCustomHook.ts:73
const fun = new Function(executeCode)(); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/views/super/online/cgform/hooks/auto/useListButton.ts:633
return new Function(`return ${r}`)(); - dynamic code executionnew Function()jeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/src/views/super/online/graphreport/auto/hooks/useChartRender.ts:241
new Function('onClick', 'headId', `${jsCode}`)(onClick, headId); - committed secretOpenAI keyjeecgboot-JeecgBoot-b0990c0/jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/flyway/sql/mysql/V3.8.0_2__airag_init_db.sql:185
sk-cgQ…(29 chars, redacted) - committed secretcommitted .envjeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/.env:1
env file shipped with populated values - committed secretcommitted .envjeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/.env.development:1
env file shipped with populated values - committed secretcommitted .envjeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/.env.docker:1
env file shipped with populated values - committed secretcommitted .envjeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/.env.dockercloud:1
env file shipped with populated values - committed secretcommitted .envjeecgboot-JeecgBoot-b0990c0/jeecgboot-vue3/.env.production:1
env file shipped with populated values
- recent drift+12 capability drift →
[](https://mcpobservatory.com/servers/github:jeecgboot/JeecgBoot/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of jeecgboot.