AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Network, secrets, storage, SMS, vector, and LLM capabilities are SDK features invoked by application code with user-provided credentials/configuration.
Static reason
One or more suspicious static signals were detected.
Trigger
User imports the SDK and calls service methods.
Impact
No install-time execution, credential harvesting, stealth persistence, or unauthorized file/config mutation identified.
Mechanism
Legitimate SDK API clients and adapters
Rationale
Static inspection shows a broad integration SDK with expected network and credential-handling primitives, but no install/import-time execution, hidden payload loading, exfiltration, destructive behavior, or AI-agent control-surface mutation. Scanner hits are explained by package-aligned API clients, placeholder secret patterns, lazy optional imports, and documented SDK features.
Evidence
package.jsondist/index.jsdist/clients/function.client.jsdist/parsers/utils/postman.utils.jsdist/database/presave/presave-processor.jsdist/api/urls.jsdist/agents/agent-executor.jsdist/api/services/secretsApi.service.jsdist/processor/repos/sms.repo.jsREADME.md
Network endpoints8
api.ductape.applocalhost:4311api.anthropic.comapi.openai.comapi.pinecone.ioexp.host/--/api/v2/push/sendapi.nexmo.com/v1/messagesapi.plivo.com/v1/Account/
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only prepublishOnly build script; no preinstall/install/postinstall runtime hook.
- dist/index.js exports SDK classes and lazy service methods; constructor initializes state and method tables, not attack actions.
- dist/clients/function.client.js dynamic URL is caller-supplied axios client construction, not hidden dynamic require or payload loading.
- dist/parsers/utils/postman.utils.js contains placeholder auth tokens and api.example.com defaults for Postman parsing, not embedded secrets.
- dist/api/urls.js and clients route user-invoked SDK calls to ductape API or local override; no unsolicited exfiltration path seen.
- dist/agents/agent-executor.js reads OpenAI/Anthropic env API keys only when user configures LLM providers.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsFilesystemNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/parsers/utils/postman.utils.jsView file
39patternName = generic_password
severity = medium
line = 39
matchedText = password...d}}'
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/parsers/utils/postman.utils.jsView on unpkg · L39dist/clients/function.client.jsView file
5Object.defineProperty(exports, "__esModule", { value: true });
L6: const axios_1 = __importDefault(require("axios"));
L7: const CancelToken = axios_1.default.CancelToken;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/clients/function.client.jsView on unpkg · L5dist/database/presave/presave-processor.jsView file
79return {
L80: data: isArray ? processedRecords : processedRecords[0],
L81: appliedOperations,
...
L193: case presave_interface_1.PreSaveOperationType.PARSE_JSON:
L194: return { [op.field]: typeof record[op.field] === 'string' ? JSON.parse(record[op.field]) : record[op.field] };
L195: case presave_interface_1.PreSaveOperationType.STRINGIFY_JSON:
Low
Weak Crypto
Package source references weak cryptographic algorithms.
dist/database/presave/presave-processor.jsView on unpkg · L79Findings
4 Medium6 Low
MediumSecret Patterndist/parsers/utils/postman.utils.js
MediumDynamic Requiredist/clients/function.client.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowWeak Cryptodist/database/presave/presave-processor.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings