AI Security Review
scanned 2d ago · by lpm-firewall-aiThe package intentionally runs honeypot network services only after explicit API or CLI startup. Optional telemetry sends minimized trap intelligence to a caller-configured HTTPS endpoint; no unconsented installation-time behavior is present.
Static reason
One or more suspicious static signals were detected.
Trigger
User runs `panguard-trap start` or calls `TrapEngine.start()` with enabled services.
Impact
Captures data supplied by remote honeypot visitors and may transmit anonymized reports only when an endpoint is configured.
Mechanism
Explicit honeypot listeners with optional sanitized telemetry upload.
Rationale
The suspicious primitives are aligned with the advertised, explicitly invoked honeypot function. Source inspection found no install-time execution, credential/environment harvesting, remote payload execution, or covert persistence.
Evidence
package.jsondist/cli/index.jsdist/trap-engine.jsdist/threat-cloud-uploader.jsdist/pid-file.jsdist/services/ssh-trap.jsdist/services/generic-trap.js/var/lib/panguard/trap/panguard-trap.pid
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/cli/index.js` directly runs `start` only when invoked as the package CLI.
- `dist/services/*-trap.js` implement network-facing honeypot listeners and record remote credentials/commands.
- `dist/threat-cloud-uploader.js` can POST anonymized trap intelligence to a caller-supplied endpoint.
Evidence against
- `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
- Imports only export APIs; runtime service startup requires explicit `panguard-trap start` or `TrapEngine.start()`.
- Cloud upload initializes only when both `feedThreatCloud` and a user-provided `threatCloudEndpoint` are set.
- Uploader hashes usernames, omits passwords, requires HTTPS, blocks private/reserved hosts, and rejects redirects.
- Filesystem writes are limited to a PID file under the configured data directory.
- No shell execution, eval/vm, payload loading, environment harvesting, or AI-agent configuration mutation found.
Behavioral surface
CryptoDynamicRequireFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/services/generic-trap.jsView file
76patternName = generic_password
severity = medium
line = 76
matchedText = pwd: '...
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/services/generic-trap.jsView on unpkg · L76dist/services/ssh-trap.jsView file
101logger.info('SSH honeypot using TCP fallback (ssh2 not available)');
L102: const net = await import('node:net');
L103: this.server = net.createServer((socket) => {
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/services/ssh-trap.jsView on unpkg · L10172patternName = generic_password
severity = medium
line = 72
matchedText = pwd: '...
Medium
Secret Pattern
Hardcoded password in dist/services/ssh-trap.js
dist/services/ssh-trap.jsView on unpkg · L72Findings
4 Medium4 Low
MediumSecret Patterndist/services/generic-trap.js
MediumDynamic Requiredist/services/ssh-trap.js
MediumNetwork
MediumSecret Patterndist/services/ssh-trap.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings