registry  /  @servicelabsco/slabs-access-manager  /  1.0.49

@servicelabsco/slabs-access-manager@1.0.49

Support for application level menus and dashboards

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No install-time attack behavior or foreign AI-agent configuration mutation was found. The server exposes database-configurable JavaScript evaluation in notification and PDF workflows, creating a runtime RCE risk if those records can be maliciously modified.

Static reason
One or more suspicious static signals were detected.
Trigger
A notification dispatch or manual PDF-generation request using a crafted persisted condition or processor script.
Impact
Arbitrary JavaScript execution in the NestJS server process under a privileged configuration-write compromise.
Mechanism
Runtime eval of persisted application configuration.
Rationale
Source inspection found no malicious install/import-time chain, but confirmed multiple persisted-script eval sinks reachable through normal server workflows. Flag as warn for the unresolved remote-code-execution capability.
Evidence
package.jsondist/index.jsdist/access/libraries/process.notification.jsdist/accessUtility/libraries/process.manual.pdf.document.jsdist/access/libraries/send.fcm.notification.jsdist/mcp/http/mcp.request.handler.js

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
  • `dist/access/libraries/process.notification.js` evals database-backed notification filter conditions.
  • `dist/accessUtility/libraries/process.manual.pdf.document.js` evals a database-backed PDF processor script.
  • These eval paths run during application notification/PDF processing and can execute arbitrary server-side JavaScript if privileged content fields are attacker-controlled.
Evidence against
  • `package.json` has no preinstall/install/postinstall lifecycle hooks.
  • `dist/index.js` exports modules; it contains no import-time network, shell, or persistence action.
  • `dist/mcp/http/mcp.request.handler.js` uses a loopback API base URL, not an external agent-control mutation.
  • `dist/access/libraries/send.fcm.notification.js` obtains FCM credentials from the configured property service rather than embedding a secret.
Behavioral surface
Source
ChildProcessEnvironmentVarsEvalFilesystemNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 1,403 file(s), 2.98 MB of source, external domains: 127.0.0.1, accounts.google.com, accounts.zoho.com, accounts.zoho.in, api.amazon.com, client.finnoto.in, docs.google.com, ei5oni4xxk.execute-api.ap-south-1.amazonaws.com, gmail.googleapis.com, oauth2.googleapis.com, sellercentral.amazon.in, slack.com, stogyux6hk.execute-api.ap-south-1.amazonaws.com, www.googleapis.com

Source & flagged code

3 flagged · loading source
dist/access/libraries/send.fcm.notification.jsView file
89patternName = private_key_rsa severity = critical line = 89 matchedText = key: `--...--`,
Critical
Critical Secret

Package contains a critical-looking secret pattern.

dist/access/libraries/send.fcm.notification.jsView on unpkg · L89
89patternName = private_key_rsa severity = critical line = 89 matchedText = key: `--...--`,
Critical
Secret Pattern

RSA private key in dist/access/libraries/send.fcm.notification.js

dist/access/libraries/send.fcm.notification.jsView on unpkg · L89
dist/access/libraries/process.notification.jsView file
33const { condition = '' } = email?.filter_condition || {}; L34: eval(condition); L35: if (send)
Low
Eval

Package source references a known benign dynamic code generation pattern.

dist/access/libraries/process.notification.jsView on unpkg · L33

Findings

2 Critical2 Medium5 Low
CriticalCritical Secretdist/access/libraries/send.fcm.notification.js
CriticalSecret Patterndist/access/libraries/send.fcm.notification.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/access/libraries/process.notification.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings