registry  /  @panguard-ai/panguard-trap  /  1.8.4

@panguard-ai/panguard-trap@1.8.4

Smart honeypot for attacker profiling / 智慧蜜罐,誘捕並分析攻擊者

AI Security Review

scanned 2d ago · by lpm-firewall-ai

The package intentionally runs honeypot network services only after explicit API or CLI startup. Optional telemetry sends minimized trap intelligence to a caller-configured HTTPS endpoint; no unconsented installation-time behavior is present.

Static reason
One or more suspicious static signals were detected.
Trigger
User runs `panguard-trap start` or calls `TrapEngine.start()` with enabled services.
Impact
Captures data supplied by remote honeypot visitors and may transmit anonymized reports only when an endpoint is configured.
Mechanism
Explicit honeypot listeners with optional sanitized telemetry upload.
Rationale
The suspicious primitives are aligned with the advertised, explicitly invoked honeypot function. Source inspection found no install-time execution, credential/environment harvesting, remote payload execution, or covert persistence.
Evidence
package.jsondist/cli/index.jsdist/trap-engine.jsdist/threat-cloud-uploader.jsdist/pid-file.jsdist/services/ssh-trap.jsdist/services/generic-trap.js/var/lib/panguard/trap/panguard-trap.pid

Decision evidence

public snapshot
AI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
  • `dist/cli/index.js` directly runs `start` only when invoked as the package CLI.
  • `dist/services/*-trap.js` implement network-facing honeypot listeners and record remote credentials/commands.
  • `dist/threat-cloud-uploader.js` can POST anonymized trap intelligence to a caller-supplied endpoint.
Evidence against
  • `package.json` has no preinstall, install, postinstall, or other lifecycle hook.
  • Imports only export APIs; runtime service startup requires explicit `panguard-trap start` or `TrapEngine.start()`.
  • Cloud upload initializes only when both `feedThreatCloud` and a user-provided `threatCloudEndpoint` are set.
  • Uploader hashes usernames, omits passwords, requires HTTPS, blocks private/reserved hosts, and rejects redirects.
  • Filesystem writes are limited to a PID file under the configured data directory.
  • No shell execution, eval/vm, payload loading, environment harvesting, or AI-agent configuration mutation found.
Behavioral surface
Source
CryptoDynamicRequireFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 18 file(s), 161 KB of source, external domains: help.ubuntu.com, landscape.canonical.com, panguard.ai

Source & flagged code

3 flagged · loading source
dist/services/generic-trap.jsView file
76patternName = generic_password severity = medium line = 76 matchedText = pwd: '...
Medium
Secret Pattern

Package contains a possible secret pattern.

dist/services/generic-trap.jsView on unpkg · L76
dist/services/ssh-trap.jsView file
101logger.info('SSH honeypot using TCP fallback (ssh2 not available)'); L102: const net = await import('node:net'); L103: this.server = net.createServer((socket) => {
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/services/ssh-trap.jsView on unpkg · L101
72patternName = generic_password severity = medium line = 72 matchedText = pwd: '...
Medium
Secret Pattern

Hardcoded password in dist/services/ssh-trap.js

dist/services/ssh-trap.jsView on unpkg · L72

Findings

4 Medium4 Low
MediumSecret Patterndist/services/generic-trap.js
MediumDynamic Requiredist/services/ssh-trap.js
MediumNetwork
MediumSecret Patterndist/services/ssh-trap.js
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings