AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package is a web3 smart-account SDK with user-invoked auth, bundler, vault, blockchain RPC, and optional encrypted local keyshare storage behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Import initializes token manager storage read; network/file effects occur when application calls exported SDK methods.
Impact
Expected authentication, wallet, vault backup, and blockchain operations; no credential harvesting or unconsented exfiltration identified.
Mechanism
Package-aligned SDK API calls and explicit encrypted keyshare storage
Rationale
Static inspection shows expected SDK behavior: exported methods manage JWTs, call EmbarkAI/blockchain services, and optionally store encrypted keyshares. Scanner hits for network, environment variables, tokens, and file I/O are package-aligned and not evidence of malicious install/import-time behavior.
Evidence
package.jsondist/index.cjsdist/clients/index.cjsdist/clients/node.cjsREADME.mddata/keyshares/*.keyshare
Network endpoints9
api.embarkai.io/tssapi.embarkai.io/vaultapi.embarkai.io/rundlerapi.embarkai.io/rundler-arbitrum-sepoliaapi.embarkai.io/rundler-base-sepoliaapi.embarkai.io/rundler-bscapi.embarkai.io/rundler-lark-testnetapi.embarkai.io/rundler-sepoliadashboard.embarkai.io/api
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no lifecycle hooks; scripts are developer-invoked only.
- dist/index.cjs import initializes JwtTokenManager but only reads configured/local storage; no install-time network or shell execution.
- Network calls are SDK auth/bundler/vault/blockchain APIs invoked by exported functions, mainly api.embarkai.io and configured RPC/explorer URLs.
- dist/clients/node.cjs file access is explicit FileKeyshareStorage for encrypted keyshare persistence under config storageDir or ./data/keyshares.
- Dynamic imports are limited to viem, crypto, and optional dkls23-wasm; no eval, child_process, or hidden downloader found.
- README env/API-key examples match documented SDK configuration, not embedded secrets.
Behavioral surface
CryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/clients/index.jsView file
593patternName = generic_password
severity = medium
line = 593
matchedText = "Failed ...or))
Medium
dist/clients/index.cjsView file
595patternName = generic_password
severity = medium
line = 595
matchedText = "Failed ...or))
Medium
Secret Pattern
Hardcoded password in dist/clients/index.cjs
dist/clients/index.cjsView on unpkg · L595dist/index.jsView file
2684patternName = generic_password
severity = medium
line = 2684
matchedText = "Failed ...or))
Medium
dist/index.cjsView file
2685patternName = generic_password
severity = medium
line = 2685
matchedText = "Failed ...or))
Medium
Findings
6 Medium4 Low
MediumSecret Patterndist/clients/index.js
MediumNetwork
MediumEnvironment Vars
MediumSecret Patterndist/clients/index.cjs
MediumSecret Patterndist/index.js
MediumSecret Patterndist/index.cjs
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings