AI Security Review
scanned 14d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime behavior is a React browser chat widget that contacts Eloquent AI APIs, loads UI assets, stores conversation state locally, and opens an AppSync realtime connection using API values returned by boot.
Static reason
One or more suspicious static signals were detected.
Trigger
Importing/rendering Chat or renderChat in a browser application
Impact
User-provided chat identity, messages, URL search params, ratings, and conversation state are sent to configured Eloquent AI/AppSync endpoints as part of SDK functionality.
Mechanism
package-aligned chat API requests, asset loads, localStorage persistence, and AppSync websocket
Rationale
Static inspection shows a bundled React chat SDK with expected Eloquent AI/API, asset, localStorage, and AppSync realtime behavior, plus Sentry code initialized with dsn undefined. I found no install-time execution, credential harvesting, arbitrary code execution, filesystem access, or unconsented agent-control mutation.
Evidence
package.jsonREADME.mddist/index.mjsdist/index-CzTUqNbz.jsdist/index-Bf7skbL8.jsdist/lib/eloquent-ai-api-client.d.tsdist/lib/config.d.ts
Network endpoints8
chat.eloquentai.coregion.eloquentai.cocdn.eloquentai.co/assets/logo-waiting-simple.rivfonts.googleapis.comfonts.gstatic.comunpkg.com/@rive-app/canvas@2.35.2/rive.wasmcdn.jsdelivr.net/npm/@rive-app/canvas@2.35.2/rive_fallback.wasmwss://<appsync-derived>/realtime
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall lifecycle hooks; main is dist/index.mjs.
- dist/index.mjs only re-exports bundled chat components and sets Sentry debug IDs.
- dist/index-CzTUqNbz.js network calls are chat SDK operations: boot, region lookup, chat create/reply/history/rating, AppSync websocket.
- Browser storage is limited to localStorage key eloquent-ai::conversation-data for conversation/user/device IDs and messages.
- No child_process, filesystem access, credential file harvesting, destructive behavior, persistence, or AI-agent control-surface writes found.
- Scanner secret hits are bundled dependency/config terms such as apiKey/Sentry/AWS signing, not embedded private credentials.
Behavioral surface
ChildProcessEnvironmentVarsNetworkWebSocket
HighEntropyStringsUrlStrings
NoLicense
Source & flagged code
1 flagged · loading sourcedist/index-Bf7skbL8.jsView file
4924patternName = generic_password
severity = medium
line = 4924
matchedText = return t...g();
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/index-Bf7skbL8.jsView on unpkg · L4924Findings
3 Medium4 Low
MediumSecret Patterndist/index-Bf7skbL8.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings
LowNo License