AI Security Review
scanned 5d ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. This is a browser UI bundle that retrieves configuration from its own origin and calls runtime-configured identity and benefits APIs.
Static reason
No blocking static signals were detected.
Trigger
Loading dist/index.html in a browser
Impact
Normal browser telemetry and configured promotion/API requests; no install-time mutation, persistence, or host compromise observed.
Mechanism
OAuth-backed promoted-benefits UI with analytics and event tracking
Rationale
Static inspection shows a packaged browser component with ordinary configured authentication, promotion retrieval, event tracking, and Datadog RUM. No concrete malicious behavior, install-time control-surface mutation, exfiltration primitive, or remote code execution chain was found.
Evidence
package.jsondist/index.htmldist/assets/index-D7XaTsdA.jsREADME.md
Network endpoints2
www.datadoghq-browser-agent.com/us1/v5/datadog-rum.jseconnex.com.au/?rc=862160&utm_source=promoted_benefits&utm_medium=fallback&utm_campaign=energy_alwayson&utm_content=energy_intialoffer
Decision evidence
public snapshotAI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has only a prepare hook (husky), not preinstall/install/postinstall.
- No Husky config or executable package files are present beyond the bundled web app.
- dist/assets/index-D7XaTsdA.js contains no eval, Function, dynamic import/require, shell, or Node file-access primitives.
- Runtime fetches implement configured OAuth and promoted-benefit API requests; no credential or filesystem harvesting is present.
- dist/index.html loads Datadog RUM with masked user input; the bundle contains an Econnex public promotion link.
Behavioral surface
Network
HighEntropyStringsMinifiedTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Medium4 Low
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings