AI Security Review
scanned 8d ago · by lpm-firewall-aiNo confirmed malicious attack surface was found. The bundle performs normal UI rendering and may fetch Reltio image/map assets or call host-provided SDK APIs during application use.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Importing and rendering the package's React components in an application.
Impact
No credential harvesting, filesystem access, install-time execution, persistence, or destructive behavior identified.
Mechanism
Bundled UI component library with SDK-backed data loading
Rationale
Static inspection supports a clean verdict: scanner protestware hints appear noisy and source evidence shows a normal bundled Reltio pivoting UI package. The observed network behavior is package-aligned asset/API usage, not exfiltration or lifecycle abuse.
Evidence
package.jsonbundle.jsbundle.js.LICENSE.txt
Network endpoints2
reltio-images.s3.amazonaws.com/api/s3.amazonaws.com/reltio-ui-files/map_resources/us-albers.json
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has main bundle.js and no lifecycle scripts or bin entries.
- bundle.js is a bundled React/MUI UI module with exported pivoting/dashboard components.
- No child_process, fs require, process.env, document.cookie, localStorage, sendBeacon, eval, protest, ukraine, or russia strings found.
- Network URLs are package-aligned UI assets: reltio S3 image storage and map JSON, plus library documentation/license URLs.
- Runtime API calls use imported mdm/dashboard SDK functions such as getActivities, getSegments, and getPivotingLabel.
- bundle.js.LICENSE.txt contains ordinary third-party license notices.
Behavioral surface
ChildProcess
HighEntropyStringsMinifiedProtestwareTrivial
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical2 Low
CriticalProtestware
LowHigh Entropy Strings
LowNo License