AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. Network use is browser runtime functionality tied to caller-provided AI office API, chat, attachment, and voice endpoints.
Static reason
One or more suspicious static signals were detected.
Trigger
User imports/renders the AI Office React component or uses its browser UI features.
Impact
No unauthorized install-time execution, persistence, exfiltration, or filesystem/control-surface mutation identified.
Mechanism
browser UI SDK with in-memory plugin registration and caller-configured network requests
Rationale
Static inspection shows a React/browser AI office UI package whose suspicious primitives are package-aligned runtime networking and in-memory plugin loading. There are no lifecycle hooks, foreign AI-agent config writes, credential collection, shell execution, or concrete exfiltration behavior.
Evidence
package.jsonsrc/app/service/fetch-bots.tssrc/app/hooks/useChatTransport.tssrc/lib/utils.tssrc/app/utils/attachments.tssrc/core/plugin-system/PluginManager.tssrc/plugins/index.tssrc/app/hooks/use-voice-input.ts
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no npm lifecycle scripts and exports built dist/browser SDK files.
- src/app/service/fetch-bots.ts fetches only from caller-supplied apiEndpoint for agent manifest.
- src/app/hooks/useChatTransport.ts connects chat to caller-supplied apiEndpoint/common/connect.
- src/lib/utils.ts and src/app/utils/attachments.ts download/upload user-provided attachments via browser fetch only.
- src/core/plugin-system/PluginManager.ts installs package/app plugins in memory via Vite import.meta.glob, not filesystem or foreign agent config writes.
- No child_process, shell execution, eval/Function, credential harvesting, persistence, or AI-agent control-surface mutation found.
Behavioral surface
ChildProcessEnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsMinifiedUrlStrings
Source & flagged code
3 flagged · loading sourcedist/index-D0oAxdHR.jsView file
2923patternName = generic_password
severity = medium
line = 2923
matchedText = password...4;",
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/index-D0oAxdHR.jsView on unpkg · L2923dist/sdk.jsView file
2920patternName = generic_password
severity = medium
line = 2920
matchedText = password...4;",
Medium
dist/ai-office.umd.cjsView file
5patternName = generic_password
severity = medium
line = 5
matchedText = url(data..."),`
Medium
Findings
5 Medium4 Low
MediumSecret Patterndist/index-D0oAxdHR.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/sdk.js
MediumSecret Patterndist/ai-office.umd.cjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings