registry  /  @meridial/react  /  0.4.5

@meridial/react@0.4.5

A React library for embedding the Meridial in-app voice assistant.

AI Security Review

scanned 7h ago · by lpm-firewall-ai

No malicious install-time behavior was found. Runtime Voicebox sessions can connect to Meridial/LiveKit and provide cobrowse replay, remote scroll, and consumer-defined tool execution, which is product-aligned but high-capability.

Static reason
One or more suspicious static signals were detected.
Trigger
User embeds and opens the Voicebox React component, then starts a session
Impact
Potential DOM/session replay and app actions only during an active configured support session
Mechanism
Meridial voice/cobrowse SDK with LiveKit streaming and tool RPC
Rationale
The risky primitives are visible, runtime-gated support features documented by the package and not delivered through lifecycle hooks or stealthy persistence. This is not malicious, but the cobrowse replay and tool RPC surface merits a warning rather than a clean allow.
Evidence
package.jsonREADME.mddist/index.jsdist/voicebox.jsdist/chunk-4UT6YTP7.js
Network endpoints2
app.meridial.dev/api/auth/livekit/reactmeridial.dev

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • dist/chunk-4UT6YTP7.js records rrweb replay and streams events on topic replay:event when a SUPPORT participant joins
  • dist/chunk-4UT6YTP7.js accepts remoteControl:action scroll commands from room participants
  • dist/chunk-4UT6YTP7.js exposes tool_call RPC that executes consumer-registered tool handlers
  • dist/chunk-4UT6YTP7.js POSTs session metadata/publishableKey to https://app.meridial.dev/api/auth/livekit/react
Evidence against
  • package.json has no npm lifecycle scripts or bin entry
  • README.md documents voice assistant, cobrowse escalation, tools, publishable key, and hosted API base URL
  • Network and LiveKit behavior is runtime/user-invoked via Voicebox, not install/import-time
  • No child_process, shell execution, broad filesystem writes, persistence, or AI-agent control-surface mutation found
Behavioral surface
Source
ChildProcessEnvironmentVarsNetworkWebSocket
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 3 file(s), 1.30 MB of source, external domains: aomediacodec.github.io, app.meridial.dev, base-ui.com, cloud-api.livekit.io, fb.me, meridial.dev, www.w3.org

Source & flagged code

1 flagged · loading source
dist/chunk-4UT6YTP7.jsView file
13712patternName = generic_password severity = medium line = 13712 matchedText = let sdp2...\n";
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/chunk-4UT6YTP7.jsView on unpkg · L13712

Findings

3 Medium3 Low
MediumSecret Patterndist/chunk-4UT6YTP7.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings