AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is generated API contracts and model bindings; network use requires consumer code to invoke the OpenAPI runtime request method.
Static reason
One or more suspicious static signals were detected.
Trigger
A consuming application explicitly calls a generated API client request method.
Impact
No install-time, import-time, persistence, exfiltration, or destructive behavior established.
Mechanism
Consumer-configured fetch dispatch to an API base path.
Rationale
The suspicious secret pattern is a false positive from OpenAPI examples. Source inspection shows a generated contracts package with no automatic execution or concrete malicious behavior.
Evidence
package.jsondist/index.jsdist/openapi/index.jsdist/openapi/runtime.jsopenapi/api.yaml
Network endpoints1
localhost:8080
Decision evidence
public snapshotAI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
- `openapi/api.yaml` contains token/password-looking example values that explain the scanner hit.
Evidence against
- `package.json` has no preinstall, install, or postinstall hook.
- `dist/index.js` only re-exports generated contract modules.
- `dist/openapi/index.js` exports runtime and models; it performs no request on import.
- `dist/openapi/runtime.js` calls `fetch` only through an explicit API request method.
- No child-process, filesystem, eval, dynamic-loading, or credential-harvesting code was found in JavaScript.
- The flagged YAML values are documented request examples, not embedded credentials.
Behavioral surface
Source & flagged code
5 flagged · loading sourceopenapi/api.yamlView file
3081patternName = generic_password
severity = medium
line = 3081
matchedText = passwo...
Medium
3461patternName = generic_password
severity = medium
line = 3461
matchedText = password...tpw"
Medium
3546patternName = generic_password
severity = medium
line = 3546
matchedText = current_...tpw"
Medium
3547patternName = generic_password
severity = medium
line = 3547
matchedText = new_pass...tpw"
Medium
4031patternName = generic_password
severity = medium
line = 4031
matchedText = current_...tpw"
Medium
Findings
5 Medium1 Low
MediumSecret Patternopenapi/api.yaml
MediumSecret Patternopenapi/api.yaml
MediumSecret Patternopenapi/api.yaml
MediumSecret Patternopenapi/api.yaml
MediumSecret Patternopenapi/api.yaml
LowScripts Present