AI Security Review
scanned 3d ago · by lpm-firewall-ai
No confirmed malicious attack surface found. Network and environment-variable references are package-aligned UI/application features and require consumer/user invocation.
Static reason
One or more suspicious static signals were detected.
Trigger
Importing UI components or user interacting with optional UI widgets
Impact
No unauthorized code execution, persistence, credential harvesting, or exfiltration identified
Mechanism
React/React Native component library behavior
Rationale
Static source inspection shows a conventional cross-platform UI component package; suspicious scanner hits map to user-invoked fetch, public environment config, local UI storage, demo URLs, and documentation links. No install/import-time malicious behavior or concrete exfiltration path was found.
Evidence
- package.json
- README.md
- dist/web/index.js
- dist/web/index.mjs
- dist/native/index.js
- dist/native/index.mjs
- dist/index.js
- dist/index.mjs
Decision evidence
public snapshot
AI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks and entrypoints point to dist web/native bundles.
- dist/web/index.js fetch occurs only in a FeedbackWidget submit handler posting user-entered bug report data to caller-provided endpoint.
- dist/web/index.js env access is limited to public app config keys such as NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY.
- dist/web/index.js and dist/native/index.js localStorage usage is theme/cache persistence, not credential harvesting.
- No child_process, fs writes, eval/new Function, beacon, cookie access, native binary loading, or AI-agent control-surface writes found in inspected bundles.
Behavioral surface
Environment Vars, Network
High Entropy Strings, Url Strings
Source & flagged code
10 flagged
dist/native/index.js
- line 8613: patternName = generic_password, severity = medium, matchedText = newError...ed";
- line 8615: patternName = generic_password, severity = medium, matchedText = newError...rs";
- line 8822: patternName = generic_password, severity = medium, matchedText = newError...ed";
- line 8824: patternName = generic_password, severity = medium, matchedText = newError...rs";
- line 8826: patternName = generic_password, severity = medium, matchedText = newError...er";
dist/native/index.mjs
- line 8636: patternName = generic_password, severity = medium, matchedText = newError...ed";
- line 8638: patternName = generic_password, severity = medium, matchedText = newError...rs";
- line 8853: patternName = generic_password, severity = medium, matchedText = newError...ed";
- line 8855: patternName = generic_password, severity = medium, matchedText = newError...rs";
- line 8857: patternName = generic_password, severity = medium, matchedText = newError...er";
Findings
12 Medium, 3 Low
- Medium: Secret Pattern (dist/native/index.js)
- Medium: Network
- Medium: Environment Vars
- Medium: Secret Pattern (dist/native/index.js)
- Medium: Secret Pattern (dist/native/index.js)
- Medium: Secret Pattern (dist/native/index.js)
- Medium: Secret Pattern (dist/native/index.js)
- Medium: Secret Pattern (dist/native/index.mjs)
- Medium: Secret Pattern (dist/native/index.mjs)
- Medium: Secret Pattern (dist/native/index.mjs)
- Medium: Secret Pattern (dist/native/index.mjs)
- Medium: Secret Pattern (dist/native/index.mjs)
- Low: Scripts Present
- Low: High Entropy Strings
- Low: Url Strings