AI Security Review
scanned 1h ago · by lpm-firewall-ai
No confirmed attack surface: the package is a shared ESM library of pure domain logic and TypeScript interface ports. The scanner-highlighted file performs deterministic Markdown parsing only.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports @cat-factory/kernel exports or calls its pure helper functions.
Impact
No credential harvesting, exfiltration, persistence, destructive action, or AI-agent control-surface mutation identified.
Mechanism
Library exports registries, constants, type ports, and pure text/URL helper logic.
Rationale
Static source inspection does not confirm malicious behavior; the risky hints are explained by package-aligned pure logic, secret-redaction helpers, URL safety helpers, and interface declarations. There are no lifecycle hooks or import-time behaviors that mutate files, execute commands, or contact remote endpoints.
Evidence
- package.json
- dist/index.js
- dist/domain/doc-quality-logic.js
- dist/shared/redact-secrets.logic.js
- dist/shared/ip-host.logic.js
- dist/ports/secret-cipher.js
- dist/domain/models.js
Network endpoints: 4
- github.com/kibertoad/cat-factory.git
- api.z.ai/api/anthropic
- api.moonshot.ai/anthropic
- api.deepseek.com/anthropic
Decision evidence
public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks; main is ./dist/index.js.
- dist/index.js only re-exports domain/shared/ports modules; no import-time side effects observed.
- dist/domain/doc-quality-logic.js is pure Markdown structure analysis with no I/O, shell, network, or eval.
- Unicode finding is a FEFF BOM marker allowed in a front-matter regex, not bidi control-flow manipulation.
- rg found no child_process/eval/fetch/write/delete lifecycle behavior in reviewed JS sources.
- Network URLs are static model/repository metadata, not contacted by package code.
Behavioral surface
ChildProcess
HighEntropyStrings
UrlStrings
NoLicense
Source & flagged code
2 flagged
dist/domain/doc-quality-logic.js
Line 9: contains invisible/control Unicode U+FEFF (zero width no-break space)
const m = content.match(/^<U+FEFF>?---[ \t]*\r?\n[\s\S]*?\r?\n---[ \t]*(?:\r?\n|$)/);
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/domain/doc-quality-logic.js · L9
Trigger-reachable chain: manifest.main -> dist/index.js -> dist/domain/doc-quality-logic.js
Reachable file contains a blocking source-risk pattern.
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/domain/doc-quality-logic.js
Findings
2 Critical · 1 Medium · 4 Low
- Critical: Trojan Source Unicode (dist/domain/doc-quality-logic.js)
- Critical: Trigger Reachable Dangerous Capability (dist/domain/doc-quality-logic.js)
- Medium: Structural Risk Force Deep Review
- Low: Scripts Present
- Low: High Entropy Strings
- Low: Url Strings
- Low: No License