AI Security Review
scanned 4h ago · by lpm-firewall-aiUnable to complete required source inspection in this response.
Static reason
One or more suspicious static signals were detected.
Trigger
unknown
Impact
unknown
Mechanism
unknown
Rationale
I cannot issue a valid maliciousness verdict without the required source inspection.
Decision evidence
public snapshotAI called this Manual Review at 10.0% confidence as Unknown with high false-positive risk.
Evidence for warning
- No source inspection performed due to tool invocation error.
Evidence against
Behavioral surface
CryptoFilesystem
MinifiedObfuscated
Source & flagged code
3 flagged · loading sourcedist/esm/core/keyPairs.jsView file
1patternName = private_key_rsa
severity = critical
line = 1
matchedText = import{a...rs};
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/esm/core/keyPairs.jsView on unpkg · L11patternName = private_key_rsa
severity = critical
line = 1
matchedText = import{a...rs};
Critical
Secret Pattern
RSA private key in dist/esm/core/keyPairs.js
dist/esm/core/keyPairs.jsView on unpkg · L1dist/cjs/index.cjsView file
1patternName = private_key_rsa
severity = critical
line = 1
matchedText = "use str...5=w;
Critical
Findings
3 Critical3 Low
CriticalCritical Secretdist/esm/core/keyPairs.js
CriticalSecret Patterndist/esm/core/keyPairs.js
CriticalSecret Patterndist/cjs/index.cjs
LowScripts Present
LowFilesystem
LowObfuscated