AI Security Review
scanned 4h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. The package is a bundled Reltio pivoting/dashboard UI component that runs when imported by an application.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
Application imports or renders bundle.js.
Impact
No credential theft, arbitrary code execution, persistence, destructive behavior, or install-time mutation identified.
Mechanism
React UI components using host SDK APIs and benign map/image fetches
Rationale
Direct source inspection does not support the scanner's malicious/protestware label; suspicious strings resolve to ordinary bundled frontend libraries and UI terms. There is no lifecycle execution or concrete exfiltration/destructive/persistence behavior.
Evidence
package.jsonbundle.jsbundle.js.LICENSE.txt
Network endpoints2
reltio-images.s3.amazonaws.com/api/s3.amazonaws.com/reltio-ui-files/map_resources/us-albers.json
Decision evidence
public snapshotAI called this Clean at 91.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no lifecycle scripts; main is bundle.js.
- Package contains only package.json, bundle.js, and bundle.js.LICENSE.txt.
- bundle.js is a UMD/webpack React UI bundle importing MUI, React, Reltio MDM modules, and UI helpers.
- No child_process, fs/http native requires, env/credential harvesting, AI-agent config writes, or destructive file operations found.
- Network use is limited to UI/runtime data loading, including Reltio/S3 image or map resources and host SDK calls.
- Scanner protestware hint appears noisy: direct searches found no protest/Ukraine/Russia/Belarus terms; 'war' matches normal words like Forward/Backward.
Behavioral surface
ChildProcess
HighEntropyStringsMinifiedProtestwareTrivial
NoLicense
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical2 Low
CriticalProtestware
LowHigh Entropy Strings
LowNo License