AI Security Review
scanned 7d ago · by lpm-firewall-aiNo confirmed malware behavior was found. The real risk is accidental credential exposure plus user-invoked database mutation scripts.
Static reason
One or more suspicious static signals were detected.
Trigger
User explicitly runs dist/scripts.js or npm run sync:sla-sql/scripts/sync-sla-reports-sql.js
Impact
Potential unauthorized database access or schema/SQL changes if exposed credentials are valid
Mechanism
bundled DB maintenance code using env-configured PostgreSQL credentials
Attack narrative
The package publishes database credentials in .env and includes scripts that can connect to PostgreSQL and apply bundled SQL/schema operations. I found no evidence that this is triggered during npm install or package import, and no code exfiltrates credentials or writes persistence/AI-agent control surfaces.
Rationale
This is not malicious by static inspection, but the packaged .env credentials and user-invoked DB mutation scripts are a significant security exposure. Because the behavior is not install-time, hidden, or exfiltrative, warn rather than block.
Evidence
package.json.envdist/index.jsdist/data-source.jsdist/scripts.jsscripts/sync-sla-reports-sql.jssrc/data-source.tssql/*.sqlsql/sla-reports-sync.manifest.json
Network endpoints1
164.52.222.169:5432
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Critical Vulnerability with medium false-positive risk.
Evidence for warning
- .env is packaged with hardcoded PostgreSQL connection settings including a public DB host and credentials.
- scripts/sync-sla-reports-sql.js loads .env files and applies bundled sql/*.sql to the configured PostgreSQL database when explicitly run.
- dist/scripts.js initializes AppDataSource and can synchronize DB schema when explicitly run.
Evidence against
- package.json has no preinstall/install/postinstall lifecycle hooks or bin entry.
- dist/index.js main is an export barrel for TypeORM models/enums, with no network, shell, or file-write behavior observed.
- No child_process, eval/Function, remote URL fetch, AI-agent config writes, persistence hooks, or credential harvesting/exfiltration found by source grep.
- Database access is package-aligned and user-invoked via npm script or direct script execution, not install-time/import-time from main.
Behavioral surface
EnvironmentVarsFilesystem
HighEntropyStrings
NoLicense
Source & flagged code
1 flagged · loading source.envView file
4patternName = blocked_file
severity = critical
matchedText = .env
redactedSecretContext =
secretLikeLines = 1
L4: DB_PASS=<redacted:40 token-like>
Critical
Findings
1 Critical1 Medium4 Low
CriticalCritical Secret.env
MediumEnvironment Vars
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License