AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The package exposes Plan Desk API services, static web assets, and user-configured sync operations.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing library helpers or running a host app that calls createApp/createServices; sync fetches require explicit runtime sync actions/configuration.
Impact
No evidence of unconsented install-time execution, credential exfiltration, persistence, destructive behavior, or agent-control hijack.
Mechanism
Plan Desk REST/SSE API and user-configured sync client
Rationale
Static inspection shows a normal Plan Desk API/web package with no lifecycle hooks and no concrete malicious chain; network and env usage are package-aligned and runtime-configured. Scanner hints on the minified web bundle are noisy without source-level evidence of hidden control flow or exfiltration.
Evidence
package.jsondist/index.jsdist/server.jsdist/static.jsdist/auth.jsdist/services/sync.jsdist/routes/submissions.jsdist/routes/events.jsdist/routes/tokens.jsweb/assets/index-DMKmd5gS.js
Decision evidence
public snapshotAI called this Clean at 88.0% confidence as Benign with low false-positive risk.
Evidence for block
- dist/services/sync.js performs runtime fetches to a caller-configured remote.serverUrl with Bearer syncToken.
- dist/static.js reads process.env.PLANDESK_WEB_DIST to locate bundled static assets.
Evidence against
- package.json has no preinstall/install/postinstall hooks and no bin entrypoint.
- dist/index.js only exports API/server helpers; import-time file read is limited to package.json version().
- dist/server.js builds Hono routes for Plan Desk REST/SSE and optional caller-provided MCP router.
- dist/services/sync.js network calls are user-invoked sync operations to configured Plan Desk sync endpoints, not hardcoded exfiltration.
- rg found no child_process, eval/vm, native loading, destructive fs writes, credential harvesting, or agent control-surface mutation.
- web/assets/index-DMKmd5gS.js is a bundled React SPA; fetch use is same-origin API/modulepreload behavior, not a confirmed Trojan Source attack.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
1 flagged · loading sourceweb/assets/index-DMKmd5gS.jsView file
230contains invisible/control Unicode U+200D (zero width joiner)
`,dJ=`️`,fJ=`<U+200D>`,pJ=``,mJ=null,hJ=null;function gJ(e=[]){let t={};QK.groups=t;let n=new QK;mJ??=bJ(LK),hJ??=bJ(RK),$(n,`'`,jq),$(n,`{`,mq),$(n,`}`,hq),$(n,`[`,gq),$(n,`]`,_q),$(n,`(`,vq),$(n,`)`,yq),$(n,`<`,bq),$(n,`>`,xq),$(n,`(`,Sq
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
web/assets/index-DMKmd5gS.jsView on unpkg · L230Findings
1 Critical3 Medium5 Low
CriticalTrojan Source Unicodeweb/assets/index-DMKmd5gS.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings