registry  /  @flarehr/promoted-benefits-ui  /  1.0.1015

@flarehr/promoted-benefits-ui@1.0.1015

Flare Promoted Benefits

AI Security Review

scanned 5d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The shipped browser component fetches its runtime configuration and promotion/authentication data, records promotion analytics, and reports UI sizing to its embedding parent.

Static reason
No blocking static signals were detected.
Trigger
Browser loads `dist/index.html` and renders the component.
Impact
Expected application functionality and telemetry; no unconsented install-time or host-level action established.
Mechanism
Configured promotion API calls, OAuth token exchange, analytics, and iframe postMessage events.
Rationale
Source inspection shows a bundled Preact promoted-benefits UI with package-aligned runtime API/telemetry behavior, not malware. The `prepare` hook is Husky-only and no concrete execution, exfiltration, persistence, or AI-agent-control chain was found.
Evidence
package.jsondist/index.htmldist/assets/index-DNBGCMpp.jsdist/assets/index-BKQX8kED.cssREADME.md
Network endpoints2
www.datadoghq-browser-agent.com/us1/v5/datadog-rum.jseconnex.com.au/?rc=862160&utm_source=promoted_benefits&utm_medium=fallback&utm_campaign=energy_alwayson&utm_content=energy_intialoffer

Decision evidence

public snapshot
AI called this Clean at 96.0% confidence as Benign with low false-positive risk.
Evidence for block
    Evidence against
    • `package.json` has only a `prepare: husky` development hook; no install/postinstall hook.
    • `dist/assets/index-DNBGCMpp.js` is a browser UI bundle with no shell, eval, dynamic loading, or filesystem APIs.
    • Runtime requests use configured first-party `apolloBaseUrl` plus same-origin config/API paths.
    • `dist/index.html` loads Datadog RUM with masked user-input privacy settings; no credential harvesting found.
    • No package files write persistence, agent configuration, or destructive payloads.
    Behavioral surface
    Source
    Network
    Supply chain
    HighEntropyStringsMinifiedTrivialUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 1 file(s), 31.2 KB of source, external domains: econnex.com.au, github.com, www.w3.org

    Source & flagged code

    0 flagged
    No flagged code excerpts are attached to this scan.

    Findings

    1 Medium4 Low
    MediumNetwork
    LowNon Install Lifecycle Scripts
    LowScripts Present
    LowHigh Entropy Strings
    LowUrl Strings