AI Security Review
scanned 2h ago · by lpm-firewall-aiNo confirmed malicious attack surface is established. Network and process features are package-aligned runtime capabilities activated by application configuration or explicit API calls, not install-time behavior.
Static reason
One or more suspicious static signals were detected.
Trigger
Application imports and explicitly invokes monitoring, alerting, health-check, or configured storage APIs.
Impact
No unconsented persistence, broad control-surface mutation, remote payload execution, or data exfiltration was found.
Mechanism
Configurable observability, process-health, and R2 storage helpers.
Rationale
The flagged primitives resolve to optional Sentry reporting, configured storage, environment-based database selection, and explicitly started operational monitoring. Source inspection found no lifecycle execution, stealthy mutation, credential harvesting, or unconsented network destination.
Evidence
package.jsondist/monitoring/alerts.jsdist/monitoring/zombie-detector.jsdist/observability/health-check.jsdist/storage/r2.jsdist/client/admin/i18n/en.jsdist/monitoring/index.jsdist/database/universal-postgres.js
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/monitoring/zombie-detector.js` invokes `ps` and may signal a detected zombie's parent, but only through exported monitoring calls.
- `dist/monitoring/alerts.js` dynamically imports optional `@sentry/node` for configured critical-alert reporting.
Evidence against
- `package.json` has no `preinstall`, `install`, `postinstall`, or `prepare` lifecycle hook.
- `dist/monitoring/zombie-detector.js` creates no timer at import; scanning starts only via `startZombieDetection()`.
- `dist/observability/health-check.js` uses fixed `df -P /` arguments, not user-supplied shell input.
- `dist/storage/r2.js` performs configured Cloudflare R2 storage operations, not undisclosed network calls.
- `dist/client/admin/i18n/en.js` contains the UI label `Password`; no embedded credential was found.
- No AI-agent configuration paths, filesystem writes, payload loading, or credential exfiltration were found.
Behavioral surface
ChildProcessCryptoDynamicRequireEnvironmentVarsNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/client/admin/i18n/en.jsView file
19patternName = generic_password
severity = medium
line = 19
matchedText = password...rd',
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/client/admin/i18n/en.jsView on unpkg · L19dist/monitoring/alerts.jsView file
16const moduleName = '@sentry' + '/node';
L17: const sentry = await import(/* webpackIgnore: true */ moduleName);
L18: return sentry;
Medium
Dynamic Require
Package source references dynamic require/import behavior.
dist/monitoring/alerts.jsView on unpkg · L16Findings
4 Medium3 Low
MediumSecret Patterndist/client/admin/i18n/en.js
MediumDynamic Requiredist/monitoring/alerts.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings