registry  /  @flarehr/promoted-benefits-ui  /  1.0.1010

@flarehr/promoted-benefits-ui@1.0.1010

Flare Promoted Benefits

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. The shipped browser UI exchanges an authorization code, loads configured promotion data, records promotion analytics, and sends parent-frame UI events.

Static reason
No blocking static signals were detected.
Trigger
Browser loads the shipped promoted-benefits page and a user views or acts on a promotion.
Impact
Normal application data and analytics traffic; no package-driven host mutation, payload execution, or secret exfiltration observed.
Mechanism
Configured browser API calls, promotion tracking, and UI rendering.
Rationale
Direct inspection shows a bundled browser promotion UI with expected configuration, OAuth-style token exchange, analytics, and explicit promotion navigation. No concrete malicious behavior or install-time control-surface mutation was found.
Evidence
package.jsondist/index.htmldist/assets/index-CRiGReAU.jsREADME.md
Network endpoints2
www.datadoghq-browser-agent.com/us1/v5/datadog-rum.jseconnex.com.au/?rc=862160&utm_source=promoted_benefits&utm_medium=fallback&utm_campaign=energy_alwayson&utm_content=energy_intialoffer

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • package.json has no preinstall/install/postinstall or bin entrypoint.
    • dist/index.html loads the UI bundle and Datadog RUM with masked input.
    • dist/assets/index-CRiGReAU.js fetches same-origin config, configured identity, and promotion APIs.
    • Bundle uses sessionStorage for a generated analytics identifier; no credential/file harvesting.
    • No shell execution, eval/Function, dynamic code loading, native binaries, or persistence found.
    • Outbound public link is an explicit Econnex promotion action.
    Behavioral surface
    Source
    Network
    Supply chain
    HighEntropyStringsMinifiedTrivialUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 31.2 KB of source, external domains: econnex.com.au, github.com, www.w3.org

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium4 Low
    MediumNetwork
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings