AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Network behavior is package-aligned SDK/API, worker WebSocket, optional synthetic webhook delivery, and Cloud Run instance-id detection.
Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User imports SDK and explicitly constructs Client, calls Worker.run(), Client methods, or deliverSyntheticWebhook.
Impact
Expected API communication and user-registered callback execution; no unconsented code execution or exfiltration found.
Mechanism
Mobius SDK HTTP/WebSocket client and worker runtime
Rationale
Static source inspection shows an SDK whose network and environment-variable use are aligned with documented Mobius client/worker behavior. The scanner's metadata endpoint signal is explained by Cloud Run instance ID detection, not credential metadata access or exfiltration.
Evidence
package.jsonREADME.mddist/index.jsdist/client.jsdist/worker.jsdist/webhook.jsdist/signing.jsdist/retry.js
Network endpoints4
api.mobiusops.aimetadata.google.internal/computeMetadata/v1/instance/iduser-configured Client.baseURLuser-provided synthetic webhook URL
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly build script; no install/postinstall lifecycle.
- dist/index.js only re-exports SDK modules; no import-time side effects beyond module loading.
- dist/client.js sends authenticated requests to configured Mobius API base URL, default https://api.mobiusops.ai.
- dist/worker.js WebSocket worker executes only user-registered action/generator callbacks after Worker.run().
- dist/worker.js metadata.google.internal lookup is gated by K_REVISION and used only to derive Cloud Run worker instance id.
- No child_process, filesystem writes, eval/vm/Function, native binary loading, persistence, or credential harvesting found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsNetworkWebSocket
UrlStrings
Source & flagged code
2 flagged · loading sourcedist/worker.jsView file
11return { id: cloudRun, source: "cloud_run_revision_instance" };
L12: const hostname = (process.env.HOSTNAME ?? "").trim();
L13: if (hostname)
...
L24: try {
L25: const host = systemHostname().trim();
L26: if (host) {
...
L45: try {
L46: const resp = await fetch("http://metadata.google.[redacted]", { headers: { "Metadata-Flavor": "Google" }, signal: ctrl.signal });
L47: if (!resp.ok)
L48: return null;
L49: const id = (await resp.text()).trim();
L50: return id ? `${revision}-${id}` : null;
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/worker.jsView on unpkg · L11dist/client.jsView file
•matchType = previous_version_dangerous_delta
matchedPackage = @deepnoodle/mobius@0.0.29
matchedIdentity = npm:QGRlZXBub29kbGUvbW9iaXVz:0.0.29
similarity = 0.833
summary = stored previous version shares package body but lacks this dangerous source file
Critical
Previous Version Dangerous Delta
This package version adds a dangerous source file absent from the previous stored version.
dist/client.jsView on unpkgFindings
1 Critical1 High2 Medium3 Low
CriticalPrevious Version Dangerous Deltadist/client.js
HighCloud Metadata Accessdist/worker.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowUrl Strings