AI Security Review
scanned 6h ago · by lpm-firewall-ai
No confirmed malicious attack surface was established. The package is a user-invoked CLI that serves a local whiteboard/editor and reads or writes project scene files with path checks.
Decision evidence
public snapshot
- No npm lifecycle hooks in package.json; execution is via user-invoked bin agentdraw -> dist/index.js.
- dist/index.js starts a local HTTP server and can spawn a detached copy of itself only from the CLI flow.
- dist/index.js reads/writes scene files selected through CLI/API and blocks paths containing .ssh, .gnupg, .aws, or .config.
- web-dist bundles include fonts and browser assets; high-entropy woff2 assets are expected static web payloads.
- No install-time code or unconsented writes to AI-agent control surfaces found in package.json.
- No credential harvesting or secret/env exfiltration behavior found in inspected entrypoint.
- Network behavior is local server/client use around localhost rather than external C2 endpoints.
- Potential eval/secret/unicode scanner hits are inside bundled frontend/vendor assets and not tied to malicious execution.
Source & flagged code
6 flagged
- Package contains a critical-looking secret pattern. (web-dist/assets/subset-shared.chunk-VYO9Ebyw.js, L22)
- AWS access key ID in web-dist/assets/subset-shared.chunk-VYO9Ebyw.js. (web-dist/assets/subset-shared.chunk-VYO9Ebyw.js, L22)
- Package source references a known benign dynamic code generation pattern. (web-dist/assets/subset-shared.chunk-VYO9Ebyw.js, L1)
- Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks. (web-dist/assets/index-BjQDHGCo.js, L100)
- Google API key in web-dist/assets/index-BjQDHGCo.js. (web-dist/assets/index-BjQDHGCo.js, L10)
- Package ships high-entropy non-source blobs. (web-dist/assets/Assistant-Bold-gm-uSS1B.woff2)