AI Security Review
scanned 2h ago · by lpm-firewall-aiNo install-time attack behavior or foreign AI-agent configuration mutation was found. The server exposes database-configurable JavaScript evaluation in notification and PDF workflows, creating a runtime RCE risk if those records can be maliciously modified.
Static reason
One or more suspicious static signals were detected.
Trigger
A notification dispatch or manual PDF-generation request using a crafted persisted condition or processor script.
Impact
Arbitrary JavaScript execution in the NestJS server process under a privileged configuration-write compromise.
Mechanism
Runtime eval of persisted application configuration.
Rationale
Source inspection found no malicious install/import-time chain, but confirmed multiple persisted-script eval sinks reachable through normal server workflows. Flag as warn for the unresolved remote-code-execution capability.
Evidence
package.jsondist/index.jsdist/access/libraries/process.notification.jsdist/accessUtility/libraries/process.manual.pdf.document.jsdist/access/libraries/send.fcm.notification.jsdist/mcp/http/mcp.request.handler.js
Decision evidence
public snapshotAI called this Suspicious at 87.0% confidence as Critical Vulnerability with low false-positive risk.
Evidence for warning
- `dist/access/libraries/process.notification.js` evals database-backed notification filter conditions.
- `dist/accessUtility/libraries/process.manual.pdf.document.js` evals a database-backed PDF processor script.
- These eval paths run during application notification/PDF processing and can execute arbitrary server-side JavaScript if privileged content fields are attacker-controlled.
Evidence against
- `package.json` has no preinstall/install/postinstall lifecycle hooks.
- `dist/index.js` exports modules; it contains no import-time network, shell, or persistence action.
- `dist/mcp/http/mcp.request.handler.js` uses a loopback API base URL, not an external agent-control mutation.
- `dist/access/libraries/send.fcm.notification.js` obtains FCM credentials from the configured property service rather than embedding a secret.
Behavioral surface
ChildProcessEnvironmentVarsEvalFilesystemNetwork
HighEntropyStringsUrlStrings
Source & flagged code
3 flagged · loading sourcedist/access/libraries/send.fcm.notification.jsView file
89patternName = private_key_rsa
severity = critical
line = 89
matchedText = key: `--...--`,
Critical
Critical Secret
Package contains a critical-looking secret pattern.
dist/access/libraries/send.fcm.notification.jsView on unpkg · L8989patternName = private_key_rsa
severity = critical
line = 89
matchedText = key: `--...--`,
Critical
Secret Pattern
RSA private key in dist/access/libraries/send.fcm.notification.js
dist/access/libraries/send.fcm.notification.jsView on unpkg · L89dist/access/libraries/process.notification.jsView file
33const { condition = '' } = email?.filter_condition || {};
L34: eval(condition);
L35: if (send)
Low
Eval
Package source references a known benign dynamic code generation pattern.
dist/access/libraries/process.notification.jsView on unpkg · L33Findings
2 Critical2 Medium5 Low
CriticalCritical Secretdist/access/libraries/send.fcm.notification.js
CriticalSecret Patterndist/access/libraries/send.fcm.notification.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowEvaldist/access/libraries/process.notification.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings