AI Security Review
scanned 2h ago · by lpm-firewall-aiA packaged browser-script payload can intercept target-page code and submit page-derived form data to a dynamically decoded endpoint. The package itself carries and exports the payload; downstream extension injection is required for execution.
Decision evidence
public snapshot- `dist/filters/local_script_rules.js` embeds a rule that proxies `Function.prototype.constructor`, reads page `api_key`/`link_out`, serializes a form, and POSTs it to a dynamically decoded `window.ext_site`.
- `dist/filters/local_script_rules.json` enables that payload for `tulink.org` and `acortados.com`.
- The payload also POSTs to same-origin `/check.php`, so it actively performs browser-side network requests when injected.
- `dist/lib/index.js` packages and copies these local script-rule assets for downstream extension use.
- `package.json` contains no `preinstall`, `install`, `postinstall`, or `prepare` hook.
- `dist/cli.cjs` runs only when invoked as the `dnr-rulesets` CLI; it does not execute on library import.
- The CLI's static download endpoint is package-aligned: `https://filters.adtidy.org/extension/chromium-mv3`.
- No package code reads credential stores, AI-agent configuration, or performs install-time persistence.
Source & flagged code
5 flagged · loading sourcePackage source references weak cryptographic algorithms.
dist/lib/index.jsView on unpkg · L10Source reassigns a global/builtin to a Proxy that forwards intercepted runtime data to an external endpoint.
dist/filters/local_script_rules.jsView on unpkg · L1Package contains source files above the static scanner size ceiling.
dist/cli.cjsView on unpkgPackage contains an oversized executable-looking CLI entrypoint.
dist/cli.cjsView on unpkg