AI Security Review
scanned 7h ago · by lpm-firewall-aiNo malicious install-time behavior was found. Runtime Voicebox sessions can connect to Meridial/LiveKit and provide cobrowse replay, remote scroll, and consumer-defined tool execution, which is product-aligned but high-capability.
Static reason
One or more suspicious static signals were detected.
Trigger
User embeds and opens the Voicebox React component, then starts a session
Impact
Potential DOM/session replay and app actions only during an active configured support session
Mechanism
Meridial voice/cobrowse SDK with LiveKit streaming and tool RPC
Rationale
The risky primitives are visible, runtime-gated support features documented by the package and not delivered through lifecycle hooks or stealthy persistence. This is not malicious, but the cobrowse replay and tool RPC surface merits a warning rather than a clean allow.
Evidence
package.jsonREADME.mddist/index.jsdist/voicebox.jsdist/chunk-4UT6YTP7.js
Network endpoints2
app.meridial.dev/api/auth/livekit/reactmeridial.dev
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
- dist/chunk-4UT6YTP7.js records rrweb replay and streams events on topic replay:event when a SUPPORT participant joins
- dist/chunk-4UT6YTP7.js accepts remoteControl:action scroll commands from room participants
- dist/chunk-4UT6YTP7.js exposes tool_call RPC that executes consumer-registered tool handlers
- dist/chunk-4UT6YTP7.js POSTs session metadata/publishableKey to https://app.meridial.dev/api/auth/livekit/react
Evidence against
- package.json has no npm lifecycle scripts or bin entry
- README.md documents voice assistant, cobrowse escalation, tools, publishable key, and hosted API base URL
- Network and LiveKit behavior is runtime/user-invoked via Voicebox, not install/import-time
- No child_process, shell execution, broad filesystem writes, persistence, or AI-agent control-surface mutation found
Behavioral surface
ChildProcessEnvironmentVarsNetworkWebSocket
HighEntropyStringsUrlStrings
Source & flagged code
1 flagged · loading sourcedist/chunk-4UT6YTP7.jsView file
13712patternName = generic_password
severity = medium
line = 13712
matchedText = let sdp2...\n";
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/chunk-4UT6YTP7.jsView on unpkg · L13712Findings
3 Medium3 Low
MediumSecret Patterndist/chunk-4UT6YTP7.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings