AI Security Review
scanned 3d ago · by lpm-firewall-aiNo confirmed malicious attack surface was established. The package is a bundled SQLAnvil core/compiler library with schema/protobuf definitions and project-file oriented APIs.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports @sqlanvil/core or invokes its exported compiler/session APIs.
Impact
Expected local project compilation behavior; no credential exfiltration, persistence, destructive install action, or protestware payload confirmed.
Mechanism
SQL workflow compilation and protobuf/config handling
Rationale
Static source inspection did not confirm the scanner's malicious/protestware label; suspicious terms are package-aligned configuration/documentation and bundled library code. No lifecycle execution, exfiltration endpoint, shell execution, AI-agent control mutation, or destructive behavior was found.
Evidence
package.jsonbundle.jsREADME.mdconfigs.protocore.protojit.protodb_adapter.protoextension.protobundle.d.ts
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has main bundle.js, no bin and no lifecycle scripts.
- package.json dependencies is empty; resolutions are metadata only and do not install/execute code.
- bundle.js exports sqlanvil compiler/session APIs via module.exports; no install-time entrypoint found.
- Search found no child_process, exec/spawn, eval/Function, process.env harvesting, or network client imports in package code.
- Scanner protestware hint appears noisy: searches for protestware terms matched only ordinary license/readme wording and warehouse docs.
- README and proto files align with SQL workflow compiler functionality for BigQuery/Postgres/Supabase/MySQL.
Behavioral surface
ChildProcessShell
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium3 Low
CriticalProtestware
MediumStructural Risk Force Deep Review
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings