AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network activity implements user-configured authenticated API and OAuth/OIDC requests.
Static reason
One or more suspicious static signals were detected.
Trigger
Consumer initializes an auth provider or calls its HTTP client.
Impact
Authentication tokens are sent only to configured API/OAuth endpoints as expected by the package purpose.
Mechanism
Configured fetch-based authentication, token refresh, and OAuth flows.
Rationale
The flagged network and token patterns are core, user-configured authentication behavior, not covert collection or exfiltration. Static inspection found no install-time execution, persistence, destructive behavior, or remote payload execution.
Evidence
package.jsondist/index.cjs.jsREADME.md
Network endpoints3
${config.domain}login.microsoftonline.com/${config.tenantId}/oauth2/v2.0graph.microsoft.com/oidc/userinfo
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks.
- dist/index.cjs.js only sends fetch requests through configured auth/API endpoints.
- Token storage is explicit browser localStorage/sessionStorage functionality.
- No child-process, filesystem, eval, VM, environment, or dynamic-import APIs found.
Behavioral surface
Network
HighEntropyStringsUrlStrings
Source & flagged code
4 flagged · loading sourcedist/index.cjs.jsView file
1147patternName = generic_password
severity = medium
line = 1147
matchedText = if (!pas...d.";
Medium
1297patternName = generic_password
severity = medium
line = 1297
matchedText = errors.p...d.";
Medium
dist/index.esm.jsView file
1090patternName = generic_password
severity = medium
line = 1090
matchedText = if (!pas...d.";
Medium
1240patternName = generic_password
severity = medium
line = 1240
matchedText = errors.p...d.";
Medium
Findings
5 Medium3 Low
MediumSecret Patterndist/index.cjs.js
MediumNetwork
MediumSecret Patterndist/index.cjs.js
MediumSecret Patterndist/index.esm.js
MediumSecret Patterndist/index.esm.js
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings