AI Security Review
scanned 1h ago · by lpm-firewall-ai
No confirmed malicious attack surface was found. Network and storage primitives are package-aligned UI features triggered by consuming app components or user actions.
Static reason
One or more suspicious static signals were detected.
Trigger
Runtime use of exported React/React Native UI components
Impact
No install-time execution, credential harvesting, persistence, or unauthorized file/network behavior identified
Mechanism
UI components, local cache/theme storage, optional caller-provided feedback POST
Rationale
Static inspection shows a bundled cross-platform UI component library with benign runtime browser/native APIs and no lifecycle hooks or concrete exfiltration/RCE/persistence chain. Scanner signals map to expected UI behavior such as localStorage, caller-supplied fetch endpoints, public env config, demo URLs, and password form components.
Evidence
- package.json
- dist/web/index.js
- dist/native/index.js
- dist/index.js
- README.md
Network endpoints (8)
- github.com/DigiLogicLabs/dll-platform/tree/main/packages/saas-factory-ui#readme
- github.com/DigiLogicLabs/dll-platform.git
- registry.npmjs.org/
- demo.supabase.co
- fonts.googleapis.com/
- images.unsplash.com/
- twitter.com/
- www.facebook.com/
Decision evidence
public snapshot
AI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks and only build/test/lint/release scripts.
- Entrypoints are dist/web/index.js, dist/web/index.mjs, and dist/native/index.js for a React/React Native UI library.
- No fs, child_process, shell execution, eval/Function, native binary loading, or project-file mutation found in distributed JS.
- fetch usage in dist/web/index.js posts a user-submitted bug report to caller-provided endpoint, not a hardcoded exfiltration host.
- process.env reads in dist/web/index.js and dist/native/index.js are limited to public app config/auth provider detection and NODE_ENV devtools checks.
- Secret-pattern hits are UI password fields/validators, public demo Supabase URL, and type token wording, not embedded credentials.
Behavioral surface
EnvironmentVars · Network · HighEntropyStrings · UrlStrings
Source & flagged code
10 flagged
dist/native/index.js
- line = 8613 · patternName = generic_password · severity = medium · matchedText = newError...ed";
- line = 8615 · patternName = generic_password · severity = medium · matchedText = newError...rs";
- line = 8822 · patternName = generic_password · severity = medium · matchedText = newError...ed";
- line = 8824 · patternName = generic_password · severity = medium · matchedText = newError...rs";
- line = 8826 · patternName = generic_password · severity = medium · matchedText = newError...er";
dist/native/index.mjs
- line = 8636 · patternName = generic_password · severity = medium · matchedText = newError...ed";
- line = 8638 · patternName = generic_password · severity = medium · matchedText = newError...rs";
- line = 8853 · patternName = generic_password · severity = medium · matchedText = newError...ed";
- line = 8855 · patternName = generic_password · severity = medium · matchedText = newError...rs";
- line = 8857 · patternName = generic_password · severity = medium · matchedText = newError...er";
Findings
12 Medium · 3 Low
- Medium · Secret Pattern · dist/native/index.js
- Medium · Network
- Medium · Environment Vars
- Medium · Secret Pattern · dist/native/index.js
- Medium · Secret Pattern · dist/native/index.js
- Medium · Secret Pattern · dist/native/index.js
- Medium · Secret Pattern · dist/native/index.js
- Medium · Secret Pattern · dist/native/index.mjs
- Medium · Secret Pattern · dist/native/index.mjs
- Medium · Secret Pattern · dist/native/index.mjs
- Medium · Secret Pattern · dist/native/index.mjs
- Medium · Secret Pattern · dist/native/index.mjs
- Low · Scripts Present
- Low · High Entropy Strings
- Low · Url Strings