AI Security Review
scanned 6d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. Network and token handling are package-aligned Plan Desk API/sync features activated by application runtime calls, not install-time behavior.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports package and calls createApp/createServices or sync service methods.
Impact
Expected local planning API behavior; no confirmed exfiltration or persistence.
Mechanism
REST/SSE server and user-configured sync client
Rationale
Static inspection shows a normal Plan Desk API package with bundled SPA assets, local database service wrappers, optional auth, SSE, and explicit user-configured sync networking. Scanner hits for network/env/token/unicode are explained by normal app code and bundled frontend dependencies, with no install-time mutation, credential theft, remote payload execution, or destructive behavior.
Evidence
package.jsondist/index.jsdist/server.jsdist/static.jsdist/services/sync.jsdist/routes/tokens.jsdist/routes/events.jsweb/assets/index-Dcaq3wR-.jsweb/index.html
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall hooks or bin entry.
- dist/index.js only exports API helpers and reads package.json for version().
- dist/server.js builds Hono REST/SSE routes and optional /mcp mount from caller-supplied deps.
- dist/services/sync.js fetches caller-configured remote.serverUrl for Plan Desk sync endpoints with supplied syncToken.
- dist/static.js only serves bundled or env-selected SPA files; no writes or shell execution.
- No child_process, eval/new Function, dynamic import, native binary loading, credential harvesting, or AI-agent config mutation found.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
1 flagged · loading sourceweb/assets/index-Dcaq3wR-.jsView file
230contains invisible/control Unicode U+200D (zero width joiner)
`,aJ=`️`,oJ=`<U+200D>`,sJ=``,cJ=null,lJ=null;function uJ(e=[]){let t={};KK.groups=t;let n=new KK;cJ??=mJ(jK),lJ??=mJ(MK),$(n,`'`,Tq),$(n,`{`,cq),$(n,`}`,lq),$(n,`[`,uq),$(n,`]`,dq),$(n,`(`,fq),$(n,`)`,pq),$(n,`<`,mq),$(n,`>`,hq),$(n,`(`,gq
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
web/assets/index-Dcaq3wR-.jsView on unpkg · L230Findings
1 Critical3 Medium5 Low
CriticalTrojan Source Unicodeweb/assets/index-Dcaq3wR-.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings