AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package exposes user-invoked Solana transaction and wallet-redirect functionality appropriate to its SDK role.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Application explicitly calls wallet connect, signing, or transfer APIs.
Impact
A caller can request wallet actions, but source shows no autonomous transfer, credential exfiltration, persistence, or install-time execution.
Mechanism
Builds transactions and delegates signing to the configured wallet provider.
Rationale
The scanner's wallet-drain signal maps to an explicit SDK transfer API that uses caller-supplied recipient and wallet account, then delegates signing to the wallet provider. Source inspection found no lifecycle execution or concrete unauthorized behavior.
Evidence
package.jsondist/index.esm.jsdist/solanaTransferAmount-B4keau5s.cjs
Network endpoints1
phantom.app/ul/v1
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/solanaTransferAmount-B4keau5s.cjs` builds SOL/SPL transfer transactions.
- `dist/index.esm.js` signs and broadcasts only through the selected wallet provider.
- `dist/index.esm.js` stores encrypted Phantom redirect session state.
Evidence against
- `package.json` has no preinstall, install, postinstall, or prepare hook.
- No child-process, filesystem-write, environment-harvesting, eval, or dynamic-code primitive found in `dist`.
- Transfers require explicit amount, recipient, wallet account, and provider signing.
- The only concrete remote URL is Phantom's documented deeplink base.
Behavioral surface
Crypto
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
2 flagged · loading sourcedist/index.esm.jsView file
1import { a as NotSolanaProviderError, c as isSolanaWalletAccount, d as [redacted], f as name, i as isSolanaGasSponsorshipEnabled, l as isVersionedTransact...
L2: import { t as assertBufferAvailable } from "./assertBufferAvailable-b4xOlERy.esm.js";
...
L222: outAssets: response.outAssets || [],
L223: priceData: response.priceData,
L224: showTotalFiat: response.showTotalFiat,
...
L299: //#region [redacted].constants.ts
L300: const PHANTOM_DEEPLINK_BASE_URL = "https://phantom.app/ul/v1";
L301: const PHANTOM_SESSION_STORAGE_KEY = "phantom_session";
...
L763: if (!decrypted) throw new PhantomRedirectDecryptionError();
L764: const decryptedString = getBuffer().from(decrypted).toString("utf-8");
L765: try {
Critical
Wallet Drain
Source uses private key material to transfer cryptocurrency funds.
dist/index.esm.jsView on unpkg · L1dist/index.cjsView file
75Trigger-reachable chain: manifest.main -> dist/index.cjs
L75: * This function fetches the transaction fee by compiling the transaction message
L76: * and querying the network. It handles both legacy Transaction and VersionedTransaction
L77: * formats and includes retry logic for network requests.
...
L226: outAssets: response.outAssets || [],
L227: priceData: response.priceData,
L228: showTotalFiat: response.showTotalFiat,
...
L303: //#region [redacted].constants.ts
L304: const PHANTOM_DEEPLINK_BASE_URL = "https://phantom.app/ul/v1";
L305: const PHANTOM_SESSION_STORAGE_KEY = "phantom_session";
...
L767: if (!decrypted) throw new PhantomRedirectDecryptionError();
L768: const decryptedString = (0, _dynamic_labs_sdk_client_core.getBuffer)().from(decrypted).toString("utf-8");
L769: try {
Critical
Trigger Reachable Dangerous Capability
A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/index.cjsView on unpkg · L75Findings
2 Critical1 Medium4 Low
CriticalWallet Draindist/index.esm.js
CriticalTrigger Reachable Dangerous Capabilitydist/index.cjs
MediumStructural Risk Force Deep Review
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License