AI Security Review
scanned 2d ago · by lpm-firewall-ai
No confirmed malicious attack surface. Runtime network and environment-variable access are package-aligned UI/auth configuration features and only occur when a consumer renders the components.
Static reason
One or more suspicious static signals were detected.
Trigger
Consumer imports and renders specific UI components
Impact
No credential exfiltration, install-time execution, persistence, or unauthorized filesystem/control-surface mutation identified
Mechanism
React/React Native component library behavior
Rationale
Static source inspection shows a normal cross-platform UI component package with no lifecycle execution or concrete malicious behavior. The scanner hits are explained by documented UI features, public env configuration, and user-invoked component networking.
Evidence
package.json
dist/web/index.js
dist/native/index.js
dist/index.js
dist/motion-presets/motion-presets.js
README.md
Decision evidence
public snapshot
AI called this Clean at 93.0% confidence (verdict: Benign, low false-positive risk).
Evidence for block
- dist/web/index.js includes a FeedbackWidget that POSTs user-submitted bug report data to a caller-provided endpoint at runtime.
- dist/web/index.js and dist/native/index.js read public auth env vars such as NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY for configuration. The NEXT_PUBLIC_ prefix marks values that Next.js inlines into the client bundle at build time, and the Supabase anon key is intended to ship to browsers, so their presence in a UI package is expected; the consumer's row-level security policy, not secrecy of these values, is what protects data.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks and no bin entry.
- Entrypoints are built React/React Native UI bundles: dist/web/index.js, dist/native/index.js, dist/index.js, and motion presets.
- No child_process, fs, http/https module use, eval/new Function, native binary loading, persistence, or agent control-surface writes found in JS bundles.
- Network use is component-aligned: user-invoked fetch to a supplied endpoint, demo Supabase config, fonts/images/social share URLs, and NetInfo connectivity checks.
- LocalStorage usage is limited to theme/cache/tour-style UI state, not credential harvesting.
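The manifest and bundle checks listed above can be reproduced mechanically. The script below is an added example, not code from the scanned package or from lpm-firewall-ai: it audits a package.json object for npm lifecycle hooks and bin entries, then greps a bundle for the tokens the report says are absent (child_process, fs, http/https, eval, new Function) while separating public NEXT_PUBLIC_/EXPO_PUBLIC_ env reads from private ones. The manifest and bundle strings are constructed stand-ins, and the token regexes are this example's own choice, not the scanner's rules.

```javascript
// Added example: reproduce the "Evidence against" checks on constructed inputs.
// Nothing here is the scanned package's code; the samples are invented for illustration.

// npm lifecycle scripts that run without the consumer calling anything.
const LIFECYCLE_HOOKS = [
  "preinstall", "install", "postinstall", "preuninstall", "uninstall",
  "postuninstall", "prepare", "prepublish", "prepublishOnly", "prepack", "postpack",
];

// Tokens whose presence in a UI bundle would contradict the report's claims.
// These patterns are an assumption of this example, not the scanner's own rules.
const RISKY_TOKENS = {
  child_process: /\brequire\(["']child_process["']\)|from\s+["']child_process["']/,
  fs: /\brequire\(["']fs["']\)|from\s+["']fs["']/,
  http: /\brequire\(["']https?["']\)|from\s+["']https?["']/,
  eval: /\beval\(/,
  newFunction: /\bnew\s+Function\(/,
};

// Env prefixes that frameworks inline into client bundles on purpose.
const PUBLIC_ENV_PREFIX = /^(?:NEXT_PUBLIC|EXPO_PUBLIC)_/;

function auditManifest(pkg) {
  const scripts = pkg.scripts || {};
  const bin = pkg.bin;
  return {
    lifecycleHooks: Object.keys(scripts).filter((k) => LIFECYCLE_HOOKS.includes(k)),
    // "bin" may be a string (single command) or an object (several commands).
    hasBin: typeof bin === "string" || (bin != null && Object.keys(bin).length > 0),
    entrypoints: [pkg.main, pkg.module, pkg.browser].filter(Boolean),
  };
}

function auditBundle(source) {
  const riskyTokens = Object.entries(RISKY_TOKENS)
    .filter(([, re]) => re.test(source))
    .map(([name]) => name);
  const envNames = [...source.matchAll(/process\.env\.([A-Z0-9_]+)/g)].map((m) => m[1]);
  const uniq = (xs) => [...new Set(xs)];
  return {
    riskyTokens,
    publicEnvReads: uniq(envNames.filter((n) => PUBLIC_ENV_PREFIX.test(n))),
    privateEnvReads: uniq(envNames.filter((n) => !PUBLIC_ENV_PREFIX.test(n))),
  };
}

// Constructed manifest resembling a UI kit with build scripts only.
const SAMPLE_MANIFEST = {
  name: "example-ui-kit",
  version: "0.0.0",
  main: "dist/index.js",
  scripts: { build: "tsup", test: "vitest run" },
};

// Constructed bundle fragment: public env reads plus a caller-supplied fetch endpoint.
const SAMPLE_BUNDLE = `
const url = process.env.NEXT_PUBLIC_SUPABASE_URL;
const anon = process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY;
export function FeedbackWidget({ endpoint, report }) {
  return fetch(endpoint, { method: "POST", body: JSON.stringify(report) });
}
`;

// Constructed counter-example showing what a failing audit looks like.
const SUSPICIOUS_BUNDLE = `
const { execSync } = require("child_process");
const token = process.env.NPM_TOKEN;
new Function("return " + payload)();
`;

console.log(auditManifest(SAMPLE_MANIFEST));
console.log(auditBundle(SAMPLE_BUNDLE));
console.log(auditBundle(SUSPICIOUS_BUNDLE));
```

Run it with node; a clean UI package yields empty lifecycleHooks, riskyTokens and privateEnvReads, while the constructed counter-example lights up child_process, new Function and a non-public env read.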
Behavioral surface
Environment Vars · Network
High Entropy Strings · Url Strings
Source & flagged code
10 flagged

dist/native/index.js
  line 8613 · patternName = generic_password · severity = medium · matchedText = newError...ed";
  line 8615 · patternName = generic_password · severity = medium · matchedText = newError...rs";
  line 8822 · patternName = generic_password · severity = medium · matchedText = newError...ed";
  line 8824 · patternName = generic_password · severity = medium · matchedText = newError...rs";
  line 8826 · patternName = generic_password · severity = medium · matchedText = newError...er";

dist/native/index.mjs
  line 8636 · patternName = generic_password · severity = medium · matchedText = newError...ed";
  line 8638 · patternName = generic_password · severity = medium · matchedText = newError...rs";
  line 8853 · patternName = generic_password · severity = medium · matchedText = newError...ed";
  line 8855 · patternName = generic_password · severity = medium · matchedText = newError...rs";
  line 8857 · patternName = generic_password · severity = medium · matchedText = newError...er";
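Every generic_password hit above has a matchedText beginning with "newError", which is what a keyword match inside a `new Error("...")` message string looks like after minification. The triage below is an added example, not the scanner's logic or the package's code: given a flagged source line, it decides whether the password keyword sits inside an Error-constructor message (benign), inside some other string literal, on the left of an assignment of a string literal (a real hardcoded credential), or is merely an identifier. The keyword regex stands in for the scanner's unknown generic_password pattern, and the sample lines are constructed for illustration; the report truncates the real ones.

```javascript
// Added example: contextual triage of "generic_password" hits.
// Sample lines are constructed; GENERIC_PASSWORD is an assumed stand-in for the scanner's rule.

const GENERIC_PASSWORD = /password/i;

// Literal string assigned to a password-like identifier or key, 4+ chars: a real credential.
const HARDCODED_CREDENTIAL = /\b(?:pass(?:word|wd)?|pwd)\b\s*[:=]\s*["'`][^"'`]{4,}["'`]/i;

// Returns the innermost quoted literal enclosing `pos`, honouring backslash escapes.
// Template expressions (${...}) are not parsed; that is a simplification of this example.
function enclosingStringLiteral(line, pos) {
  const re = /(["'`])((?:\\.|(?!\1).)*)\1/g;
  let m;
  while ((m = re.exec(line)) !== null) {
    if (m.index < pos && pos < m.index + m[0].length) {
      return { start: m.index, text: m[2] };
    }
  }
  return null;
}

function triagePasswordHit(line) {
  const m = GENERIC_PASSWORD.exec(line);
  if (!m) return { verdict: "no_match" };
  if (HARDCODED_CREDENTIAL.test(line)) return { verdict: "hardcoded_credential" };
  const lit = enclosingStringLiteral(line, m.index);
  if (lit) {
    // Is the literal the first argument of `new Error(`? Then it is a user-facing message.
    const before = line.slice(0, lit.start);
    if (/new\s+Error\s*\(\s*$/.test(before)) return { verdict: "error_message", literal: lit.text };
    return { verdict: "string_literal", literal: lit.text };
  }
  // Keyword used as a variable or property name with no literal value, e.g. a form field binding.
  return { verdict: "identifier" };
}

// Tally verdicts over a list of flagged lines so a reviewer sees the shape of the hits at once.
function triageReport(lines) {
  const counts = {};
  for (const line of lines) {
    const v = triagePasswordHit(line).verdict;
    counts[v] = (counts[v] || 0) + 1;
  }
  return counts;
}

// Constructed sample hits: three validation messages, one React state binding,
// and one genuine hardcoded credential for contrast.
const SAMPLE_HITS = [
  'throw new Error("Password must be at least 8 characters");',
  'throw new Error("Passwords do not match");',
  'if (!email) throw new Error("Email and password are required");',
  'const [password, setPassword] = useState("");',
  'const password = "hunter2secret";',
];

console.log(triageReport(SAMPLE_HITS));
```

Only the last constructed line deserves a Medium; the three Error messages are the false-positive class this report's verdict rests on, and a scanner that checked the enclosing literal's call site would never have raised them.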
Findings
12 Medium · 3 Low

Medium · Secret Pattern · dist/native/index.js
Medium · Network
Medium · Environment Vars
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.js
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Medium · Secret Pattern · dist/native/index.mjs
Low · Scripts Present
Low · High Entropy Strings
Low · Url Strings