AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Runtime network calls support AI-office UI features such as bot listing and attachment transfer using caller-provided URLs/endpoints.
Static reason
One or more suspicious static signals were detected.
Trigger
User imports/runs the library in a host web app and invokes UI/plugin features.
Impact
No evidence of credential harvesting, persistence, destructive behavior, or unconsented lifecycle mutation.
Mechanism
browser-side React plugin/UI SDK with dynamic host-provided fetches
Rationale
Static inspection shows a normal React/TypeScript AI-office component/plugin package with no lifecycle execution and no hardcoded exfiltration or host persistence. The suspicious network and secret-pattern signals are explained by runtime feature fetches to caller-provided endpoints and bundled base64 UI images.
Evidence
package.jsonsrc/index.tssrc/sdk.tssdk.jssrc/lib/utils.tssrc/app/utils/attachments.tssrc/app/service/fetch-bots.tssrc/core/plugin-system/PluginManager.tssrc/plugin-sdk/plugin.tsscripts/validate-build.jsvite.config.tssrc/const/ui.ts
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- src/lib/utils.ts and src/app/utils/attachments.ts can download arbitrary user-provided attachment URLs and upload to a provided endpoint at runtime.
- src/app/service/fetch-bots.ts fetches from a caller-provided apiEndpoint plus /agent/all-bots.
Evidence against
- package.json has no preinstall/install/postinstall/prepare lifecycle hooks or bin entries.
- package.json exports browser/library builds only: dist/ai-office.js, dist/ai-office.umd.cjs, dist/sdk.js, and types/styles.
- No child_process, eval/new Function, filesystem writes, homedir access, native binaries, or agent control-surface files found in source scans.
- Network usage is package-aligned UI/file/agent functionality and uses caller-supplied endpoints rather than hardcoded exfiltration hosts.
- The scanner secret-pattern hit is explained by bundled data:image base64 UI assets in src/const/ui.ts and dist bundles.
- PluginManager loads built-in/external plugin objects inside the app API; no npm install-time registration or foreign AI-agent surface mutation found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index-DsVFpmkp.jsView file
2923patternName = generic_password
severity = medium
line = 2923
matchedText = password...4;",
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/index-DsVFpmkp.jsView on unpkg · L2923dist/sdk.jsView file
2920patternName = generic_password
severity = medium
line = 2920
matchedText = password...4;",
Medium
dist/ai-office.umd.cjsView file
5patternName = generic_password
severity = medium
line = 5
matchedText = url(data..."),`
Medium
Findings
5 Medium4 Low
MediumSecret Patterndist/index-DsVFpmkp.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/sdk.js
MediumSecret Patterndist/ai-office.umd.cjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings