AI Security Review
scanned 11h ago · by lpm-firewall-aiNo confirmed malicious attack surface. Runtime network and cobrowse behavior are package-aligned for an in-app voice/support widget and require the embedded Voicebox session to be opened/connected.
Static reason
One or more suspicious static signals were detected.
Trigger
User embeds Voicebox and opens/connects the widget at runtime
Impact
Sends configured publishable key, identifier, instructions, metadata, media/session data, and optional cobrowse events to the support service during a session
Mechanism
Meridial/LiveKit session token fetch, media/data streams, optional cobrowse replay and app-registered tool RPC
Rationale
Static inspection shows a React SDK for a Meridial support widget with user-invoked runtime networking, LiveKit connectivity, documented tool callbacks, and guarded cobrowse recording. Suspicious primitives are aligned with the package purpose and no install-time execution, persistence, exfiltration of local credentials, or AI-agent control-surface mutation was found.
Evidence
package.jsonREADME.mddist/index.jsdist/voicebox.jsdist/chunk-4UT6YTP7.js
Network endpoints2
app.meridial.dev/api/auth/livekit/reactcloud-api.livekit.io/api/v2/sandbox/connection-details
Decision evidence
public snapshotAI called this Clean at 90.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no install/preinstall/postinstall hooks or bin entrypoints.
- dist/index.js only re-exports Voicebox/tool/useTool and streams user-supplied reply/tool schema over an active room.
- dist/chunk-4UT6YTP7.js fetches Meridial token endpoint only when Voicebox chat starts.
- rrweb recording starts only after a connected participant metadata type is SUPPORT, consistent with documented cobrowse support.
- Tool RPC executes only application-registered tool definitions after zod validation.
- No child_process/fs/native loading, persistence, agent config writes, or credential file harvesting found.
Behavioral surface
ChildProcessEnvironmentVarsNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunk-4UT6YTP7.jsView file
13712patternName = generic_password
severity = medium
line = 13712
matchedText = let sdp2...\n";
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/chunk-4UT6YTP7.jsView on unpkg · L13712Findings
3 Medium3 Low
MediumSecret Patterndist/chunk-4UT6YTP7.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings