registry  /  @amaster.ai/amaster-employee-embed-sdk  /  0.1.8

@amaster.ai/amaster-employee-embed-sdk@0.1.8

AI Security Review

scanned 2h ago · by lpm-firewall-ai

At runtime, server-provided plugin metadata can cause browser execution of fetched JavaScript. No install-time host mutation or local-system attack surface was confirmed.

Static reason
No blocking static signals were detected.
Trigger
Rendering or loading a declared plugin UI in the embedded application.
Impact
A compromised or untrusted same-origin plugin endpoint can execute code in the host page context.
Mechanism
Fetches and dynamically imports plugin UI JavaScript from a relative plugin endpoint.
Rationale
No concrete malicious install, exfiltration, persistence, or destructive chain was found. The unrestricted runtime plugin loader remains a material dangerous capability and warrants a warning.
Evidence
package.jsondist/index.jsdist/index-Dq_fPAkR.jsdist/index.d.ts
Network endpoints2
/_plugins/<pluginId>/ui/<uiEntryFile>?v=<version>/api

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index-Dq_fPAkR.js` builds plugin URLs under `/_plugins/<id>/ui/<entry>?v=<version>`.
  • `dist/index-Dq_fPAkR.js` fetches plugin source, wraps it in a Blob, then dynamically imports it.
  • The fetched module runs in the embed page and receives a global plugin bridge exposing host UI hooks.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No Node filesystem, child-process, shell, or credential-harvesting primitive was found.
  • Ordinary SDK API calls use configured `/api` endpoints with browser credentials.
Behavioral surface
Source
ChildProcessDynamicRequireEnvironmentVarsFilesystemNetwork
Supply chain
HighEntropyStringsMinifiedTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 176 file(s), 5.30 MB of source, external domains: chevrotain.io, en.wikibooks.org, en.wikipedia.org, github.com, jquery.org, langium.org, sqlite.org, tanstack.com, tex.stackexchange.com, tldrlegal.com, www.espertech.com, www.postgresql.org, www.sqlite.org, www.w3.org
Oversized source lightweight scan
dist/index-Dq_fPAkR.js12.2 MB file, sampled 256 KB
NetworkEnvironmentVarsHighEntropyStringsUrlStringstanstack.comwww.w3.org

Source & flagged code

2 flagged · loading source
dist/livescript-CanGTf8u.jsView file
17return e.next(), "error"; L18: }, s = "(?![\\d\\s])[$\\w\\xAA-\\uFFDC](?:(?!\\s)[$\\w\\xAA-\\uFFDC]|-[A-Za-z])*", u = RegExp("(?:[({[=:]|[-~]>|\\b(?:e(?:lse|xport)|d(?:o|efault)|t(?:ry|hen)|finally|import(?:\\s*... L19: token: "string",
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/livescript-CanGTf8u.jsView on unpkg · L17
dist/index-Dq_fPAkR.jsView file
path = dist/index-Dq_fPAkR.js kind = oversized_source_file sizeBytes = 12794385 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/index-Dq_fPAkR.jsView on unpkg

Findings

1 High4 Medium5 Low
HighOversized Source Filedist/index-Dq_fPAkR.js
MediumDynamic Requiredist/livescript-CanGTf8u.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings