AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The risky primitives are runtime cobrowse, LiveKit networking, and user-defined tool execution for a documented support voice assistant SDK.
Static reason
One or more suspicious static signals were detected.
Trigger
User embeds Voicebox and starts a chat/call session in the browser.
Impact
Runtime page replay and app-defined actions may be sent to the configured Meridial/LiveKit session, but no hidden install/import-time compromise was found.
Mechanism
documented voice assistant, cobrowse recording, remote scroll, and schema-validated app tool RPC
Rationale
Static inspection shows a React SDK whose network, rrweb, LiveKit, and tool RPC behavior matches the documented voice assistant/cobrowse product surface. There are sensitive dual-use browser capabilities, but they are user-invoked and package-aligned with no hidden lifecycle execution, exfiltration, persistence, or destructive behavior.
Evidence
package.jsonREADME.mddist/index.jsdist/voicebox.jsdist/chunk-KLCKOOAO.js
Network endpoints3
app.meridial.dev/api/auth/livekit/reactmeridial.devcloud-api.livekit.io
Decision evidence
public snapshotAI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
- dist/chunk-KLCKOOAO.js starts rrweb recording and streams replay events after a SUPPORT participant joins.
- dist/chunk-KLCKOOAO.js accepts LiveKit data topics for remote scroll/cursor/annotation and RPC tool calls.
- dist/chunk-KLCKOOAO.js posts session data and publishableKey to /api/auth/livekit/react on app.meridial.dev by default.
Evidence against
- package.json has no install/preinstall/postinstall lifecycle scripts or bin entries.
- dist/index.js and dist/voicebox.js only re-export React SDK entrypoints.
- README.md documents voice assistant, cobrowse escalation, publishableKey/baseUrl, and user-defined agent tools.
- Tool RPC only executes application-provided tools after zod schema validation; no built-in shell/fs execution found.
- No credential/env harvesting, destructive file operations, persistence, or AI-agent control-surface writes found.
Behavioral surface
ChildProcessEnvironmentVarsNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunk-KLCKOOAO.jsView file
13565patternName = generic_password
severity = medium
line = 13565
matchedText = let sdp2...\n";
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/chunk-KLCKOOAO.jsView on unpkg · L13565Findings
3 Medium3 Low
MediumSecret Patterndist/chunk-KLCKOOAO.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings