AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Runtime behavior is a headless Elyx editor client that connects to Elyx APIs/websockets using user-supplied credentials, with explicit CLIs for exporting project JSON and generating test boilerplate.
Static reason
One or more suspicious static signals were detected.
Trigger
Runtime Editor.setup()/project methods or explicit CLI invocation
Impact
No evidence of unconsented execution, exfiltration, persistence, or destructive mutation
Mechanism
Package-aligned API/websocket client and explicit export/test file generation
Rationale
Static inspection shows package-aligned editor networking and explicit CLI export behavior, with no lifecycle hooks or concrete malicious chain. Token logging is undesirable but local and not paired with exfiltration or install-time execution.
Evidence
package.jsondist/index.jsdist/config.jsdist/export-project.jsdist/export-project-cli.jsdist/create-test-cli.jsdist/modules/uuid.jsdist/test-instance.js../../.env.test../.env.test../../project-logic-tree/src/other-tests
Network endpoints6
api.dev.elyx.techapi.staging.elyx.techapi.elyx.techws.dev.elyx.techwss://ws.staging.elyx.techwss://ws.elyx.tech
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/index.js logs access and refresh tokens during setup, creating local exposure risk if logging is enabled.
- dist/export-project-cli.js and dist/create-test-cli.js load .env.test and write user-requested export/test files when explicitly run.
Evidence against
- package.json has no preinstall/install/postinstall hooks and no bin entries.
- dist/index.js network use is editor/project API and websocket traffic to Elyx service endpoints with caller-provided tokens.
- dist/config.js contains public client configuration such as publishable Stripe/Cognito/Google keys, not private credential theft logic.
- No child_process, eval/Function, native binary loading, persistence, destructive filesystem behavior, or AI-agent control-surface writes found.
- CLI filesystem writes are explicit export/test generation behavior, not install-time or import-time mutation.
Behavioral surface
EnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/config.jsView file
40patternName = google_api_key
severity = high
line = 40
matchedText = GOOGLE_P...EA',
High
40patternName = google_api_key
severity = high
line = 40
matchedText = GOOGLE_P...EA',
High
76patternName = google_api_key
severity = high
line = 76
matchedText = GOOGLE_P...EA',
High
111patternName = google_api_key
severity = high
line = 111
matchedText = GOOGLE_P...EA',
High
Findings
4 High2 Medium4 Low
HighHigh Secretdist/config.js
HighSecret Patterndist/config.js
HighSecret Patterndist/config.js
HighSecret Patterndist/config.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings