AI Security Review
scanned 4d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a bundled Punica editor framework that exposes runtime, shell, extension, flow, MCP, task, and capability APIs; sensitive operations are host/user-driven framework features rather than install-time payloads.
Static reason
No blocking static signals were detected.
Trigger
Importing/initializing the editor or invoking Punica runtime APIs
Impact
May write Punica audit/event metadata and run host-approved runtime tasks when called, but no source evidence of stealth exfiltration, persistence, or unconsented AI-agent control mutation.
Mechanism
Framework API registration and host-mediated workspace/runtime operations
Rationale
Static inspection shows a large bundled editor/runtime library with expected Punica workspace, extension, task, MCP, and redaction capabilities, but no concrete malicious install-time or import-time behavior. The prepare hook and wildcard devDependency signal are not enough to flag the published package as malicious.
Evidence
package.jsonREADME.mddist/index.bundle.esm.jsdist/index.bundle.umd.jsdist/index.bundle.esm.js.maptypes/index.d.tstypes/punica.module.runtime.fs.d.tstypes/punica.module.runtime.secrets.d.tstypes/punica.module.extensions.api.d.ts.punica/audit/*.json.punica/events/*.json.punica/events/.gitignore
Decision evidence
public snapshotAI called this Clean at 82.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no preinstall/install/postinstall; only prepare runs husky install
- Published files are dist bundles, maps, types, README; no hidden binaries or extra scripts found
- dist exports Punica editor APIs and initializes global punica modules; no import-time exfiltration endpoint found
- Runtime fs writes are scoped to Punica workspace audit/event paths and include redaction logic
- Network use is host/user-configured MCP/LLM/runtime transport, not a hardcoded attacker endpoint
- No credential harvesting beyond local secret redaction paths; no destructive broad filesystem behavior confirmed
Behavioral surface
Filesystem
HighEntropyStringsMinifiedTrivial
NoLicenseWildcardDependency
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Medium5 Low
MediumWildcard Dependency
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowNo License