@aidraw/agentdraw@0.1.13

Local-first editable whiteboard workspace for coding agents.

AI Security Review

scanned 14m ago · by lpm-firewall-ai

No confirmed malicious attack surface. The package is a local-first whiteboard CLI that reads/writes user-selected AgentDraw scene files and serves a local editor.

Static reason
High-risk behavior combination matched malicious policy; previous stored version diff introduced dangerous source
Trigger
User runs agentdraw CLI commands such as open, init, repair, export, import-svg, or gallery.
Impact
Can modify user-selected scene/export files; no install-time execution, persistence, exfiltration, or foreign AI-agent control-surface mutation found.
Mechanism
User-invoked local file editor/exporter and localhost HTTP server
Rationale
Static inspection shows package-aligned, user-invoked CLI behavior with a localhost editor and bounded file operations. Scanner hits are explained by bundled web assets, fonts/WASM, local HTTP APIs, and CLI primitives rather than concrete attack behavior.
Evidence
• package.json
• README.md
• dist/index.js
• dist/render.js
• web-dist/assets/index-CJpqzyyg.js
• web-dist/assets/subset-shared.chunk-rH3zAwfJ.js
• user-specified *.agentdraw.json
• user-specified export SVG/PNG path
• user-specified imported SVG path
• .agentdraw/theme-gallery.html
Network endpoints: 2
127.0.0.1:3927/api/scene

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts; only bin agentdraw -> dist/index.js
    • dist/index.js actions are user-invoked CLI commands for scene files, SVG import/export, gallery, and local editor
    • Local server binds default 127.0.0.1:3927 and exposes only /api/scene for chosen file path
    • Writes are to user-specified scene/export paths or .agentdraw/theme-gallery.html, not agent control surfaces
    • spawn is limited to user-invoked background server/browser open using node/open/cmd/xdg-open
    • No credential harvesting or external exfiltration endpoints found
    Behavioral surface
    Source
    ChildProcess, Crypto, EnvironmentVars, Eval, Filesystem, Network, Shell
    Supply chain
    HighEntropyStrings, Minified, Obfuscated, Protestware, Telemetry, UrlStrings
    Manifest
    No manifest risk signals triggered.
    scanned 130 file(s), 7.82 MB of source, external domains: app.excalidraw.com, chevrotain.io, discord.gg, docs.excalidraw.com, en.wikipedia.org, excalidraw-room-persistence.firebaseio.com, github.com, json.excalidraw.com, langium.org, libraries.excalidraw.com, mermaid.js.org, oss-ai.excalidraw.com, oss-collab.excalidraw.com, player.vimeo.com, plus.excalidraw.com, react.dev, us-central1-excalidraw-room-persistence.cloudfunctions.net, www.w3.org, www.youtube.com, x.com, youtube.com

    Source & flagged code

    6 flagged
    web-dist/assets/subset-shared.chunk-rH3zAwfJ.js
    patternName = aws_access_key severity = critical line = 22 matchedText = `,X.push...64};
    Critical
    Critical Secret

    Package contains a critical-looking secret pattern.

    web-dist/assets/subset-shared.chunk-rH3zAwfJ.js · L22
    patternName = aws_access_key severity = critical line = 22 matchedText = `,X.push...64};
    Critical
    Secret Pattern

    AWS access key ID in web-dist/assets/subset-shared.chunk-rH3zAwfJ.js

    web-dist/assets/subset-shared.chunk-rH3zAwfJ.js · L22
    web-dist/assets/index-CJpqzyyg.js
    contains invisible/control Unicode U+202A (left-to-right embedding) `)},Fte=0,qc=[];function Bte(e){var t=D.useRef([]),n=D.useRef([0,0]),a=D.useRef(),i=D.useState(Fte++)[0],l=D.useState(NA)[0],s=D.useRef(e);D.useEffect(function(){s.current=e},[e]),D.useEffect(function(){if(e.inert){document.body.classList.a
    Critical
    Trojan Source Unicode

    Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.

    web-dist/assets/index-CJpqzyyg.js · L100
    patternName = google_api_key severity = high line = 10 matchedText = `).repla...AZZX
    High
    Secret Pattern

    Google API key in web-dist/assets/index-CJpqzyyg.js

    web-dist/assets/index-CJpqzyyg.js · L10
    web-dist/assets/Assistant-Bold-gm-uSS1B.woff2
    path = web-dist/assets/Assistant-Bold-gm-uSS1B.woff2 kind = high_entropy_blob sizeBytes = 20380 magicHex = [redacted]
    High
    Ships High Entropy Blob

    Package ships high-entropy non-source blobs.

    web-dist/assets/Assistant-Bold-gm-uSS1B.woff2
    dist/index.js
    matchType = previous_version_dangerous_delta matchedPackage = @aidraw/agentdraw@0.1.12 matchedIdentity = npm:QGFpZHJhdy9hZ2VudGRyYXc:0.1.12 similarity = 0.992 summary = stored previous version shares package body but lacks this dangerous source file
    High
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

    dist/index.js

    Findings

    3 Critical · 3 High · 4 Medium · 7 Low
    Critical · Critical Secret · web-dist/assets/subset-shared.chunk-rH3zAwfJ.js
    Critical · Trojan Source Unicode · web-dist/assets/index-CJpqzyyg.js
    Critical · Secret Pattern · web-dist/assets/subset-shared.chunk-rH3zAwfJ.js
    High · Ships High Entropy Blob · web-dist/assets/Assistant-Bold-gm-uSS1B.woff2
    High · Previous Version Dangerous Delta · dist/index.js
    High · Secret Pattern · web-dist/assets/index-CJpqzyyg.js
    Medium · Network
    Medium · Environment Vars
    Medium · Protestware
    Medium · Structural Risk Force Deep Review
    Low · Scripts Present
    Low · Eval
    Low · Filesystem
    Low · Obfuscated
    Low · High Entropy Strings
    Low · Telemetry
    Low · Url Strings