AI Security Review
scanned 2h ago · by lpm-firewall-aiThe exported Vue components render caller-provided comment HTML directly. This creates a downstream XSS risk when an integrator supplies untrusted comment content; no package self-executing malware behavior was confirmed.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
An application renders an exported component with attacker-controlled `comment.content` or `comment.contentExtends`.
Impact
Script execution in the embedding application's origin.
Mechanism
Raw attacker-controlled HTML assigned to DOM innerHTML.
Rationale
Static source inspection does not support the scanner's malicious verdict. It does establish a meaningful unsanitized HTML rendering vulnerability, so warn rather than mark clean.
Evidence
package.jsondist/index.jsdist/types/comment.d.tsdist/index.umd.cjsdist/style.cssdist/index.d.tsdist/types/list.d.tsdist/types/top.d.ts
Decision evidence
public snapshotAI called this Suspicious at 94.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
- `dist/index.js` assigns `comment.content` and `contentExtends` to DOM `innerHTML` in multiple exported comment/top components.
- `dist/types/comment.d.ts` defines these rendered values as ordinary caller-provided comment fields, with no sanitization contract.
- No sanitization is applied at the component render sinks; an embedding app that passes untrusted comments can expose same-origin XSS.
- Invisible Unicode findings are benign text/emoji-related code points, not control-flow obfuscation.
Evidence against
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- Entrypoints import only `vue`, `@ahzoo/ouo`, and `lowlight`; no Node filesystem, process, shell, or dynamic payload APIs were found.
- No credential harvesting, network exfiltration, persistence, or AI-agent control-surface mutation was found.
- `localStorage` use only persists comment-form fields in the browser.
Behavioral surface
ChildProcessShell
HighEntropyStringsMinifiedUrlStrings
WildcardDependency
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
1548contains invisible/control Unicode U+200B (zero width space)
Get the _n_<U+200B>th outgoing edge from this node in the finite
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/index.jsView on unpkg · L1548•Trigger-reachable chain: manifest.module -> dist/index.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.jsView on unpkgFindings
2 Critical2 Medium3 Low
CriticalTrojan Source Unicodedist/index.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.js
MediumStructural Risk Force Deep Review
MediumWildcard Dependency
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings