AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. Published code is a blockchain SDK with user-invoked network helpers and on-chain/RPC interactions aligned to the package purpose.
Static reason
No blocking static signals were detected.
Trigger
Importing SDK modules or calling exported SDK/rewards/dev helper functions.
Impact
No evidence of credential theft, persistence, destructive behavior, install-time mutation, or remote code execution.
Mechanism
Package-aligned SDK exports and explicit API/RPC fetch helpers.
Rationale
Static inspection found ordinary SDK code with package-aligned network access and no install-time or import-time malicious behavior. The scanner network hint is explained by explicit rewards, oracle price-feed, and RPC helper functionality.
Evidence
package.jsondist/cjs/sdk/index.jsdist/esm/sdk/index.jsdist/cjs/dev/providers.jsdist/cjs/sdk/market/pricefeeds/updates/fetchPythPayloads.jsdist/cjs/sdk/market/pricefeeds/updates/fetchRedstonePayloads.jsdist/cjs/rewards/rewards/extra-apy.jsdist/cjs/rewards/rewards/merkl-api.jsdist/cjs/common-utils/axios-cache/AxiosCache.js
Network endpoints8
api.gearbox.foundation/v1/getBalanceAtapi.merkl.xyzapi-merkl.angle.moneyhermes.pyth.network/v2/updates/price/*.g.alchemy.com/v2/*lb.drpc.live/*rpc.ankr.com/**.rpc.thirdweb.com/*
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall/bin; only prepare:"husky" and files:["dist"].
- dist/cjs/sdk/index.js and dist/esm/sdk/index.js are barrel re-exports, not import-time payloads.
- Risky primitive search found no fs, child_process, eval/vm, agent config, or credential harvesting code.
- Network calls are user-invoked SDK functions for Gearbox rewards, Merkl rewards, Pyth/Redstone price feeds, and RPC URL helpers.
Behavioral surface
Network
HighEntropyStringsUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Medium4 Low
MediumNetwork
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings