AI Security Review
scanned 10d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Runtime network behavior is an AI office/chat UI using host-provided API endpoints and user-invoked attachment/voice features.
Static reason
One or more suspicious static signals were detected.
Trigger
Host application initializes AIOffice with apiEndpoint; users send chat messages, upload attachments, or start voice input.
Impact
Expected package-aligned network communication; no source evidence of exfiltration or persistence.
Mechanism
caller-configured chat, bot fetch, attachment upload/download, and ASR WebSocket
Rationale
Static inspection shows a React AI office/chat SDK with package-aligned, caller-configured network calls and no install/import-time malicious behavior. Suspicious scanner signals are explained by expected browser networking, process.env build replacement, and bundled image/base64 assets.
Evidence
package.jsonsrc/index.tssrc/app/components/ai-office/index.tsxsrc/app/hooks/useChatTransport.tssrc/app/service/fetch-bots.tssrc/app/utils/attachments.tssrc/app/hooks/use-voice-input.tsscripts/validate-build.jsvite.config.tsdist/index-Dk6eW5tc.js
Network endpoints4
${apiEndpoint}/common/connect${apiEndpoint}/agent/all-bots${apiEndpoint}/form/attachment/upload${apiEndpoint as ws}/asr
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall hooks; build/dev scripts are not lifecycle execution.
- src/index.ts only exports AIOffice components and plugin SDK types/utilities.
- Network use is caller-configured: apiEndpoint is passed into AIOffice and used for /common/connect, /agent/all-bots, attachment upload, and ASR WebSocket.
- File transfer helpers in src/app/utils/attachments.ts and src/lib/utils.ts download/upload user-provided attachment URLs/endpoints, not local filesystem secrets.
- No child_process, eval/new Function, filesystem writes, persistence, credential harvesting, or AI-agent control-surface writes found in src/package scripts.
- Scanner secret hit in dist/index-Dk6eW5tc.js corresponds to bundled data:image/png/base64 asset content, not a credential.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index-Dk6eW5tc.jsView file
2923patternName = generic_password
severity = medium
line = 2923
matchedText = password...4;",
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/index-Dk6eW5tc.jsView on unpkg · L2923dist/sdk.jsView file
2920patternName = generic_password
severity = medium
line = 2920
matchedText = password...4;",
Medium
dist/ai-office.umd.cjsView file
5patternName = generic_password
severity = medium
line = 5
matchedText = url(data..."),`
Medium
Findings
5 Medium4 Low
MediumSecret Patterndist/index-Dk6eW5tc.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/sdk.js
MediumSecret Patterndist/ai-office.umd.cjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings