AI Security Review
scanned 2d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a bundled SQL workflow compiler with protobuf definitions and user-invoked compilation/JIT helpers.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
User imports @sqlanvil/core or invokes compiler APIs
Impact
No install-time execution, persistence, credential harvesting, or exfiltration identified.
Mechanism
Package-aligned SQL/protobuf compilation and user-authored JS evaluation
Rationale
Static source inspection found a normal bundled SQLAnvil core compiler package; scanner protestware and network/secret hints map to README/proto schema strings and bundled library code, not attack behavior. Risky primitives such as new Function are user-invoked compiler/JIT functionality and no install-time mutation, network exfiltration, or destructive logic is present.
Evidence
package.jsonbundle.jsREADME.mdcore.protoconfigs.protojit.protodb_adapter.protoextension.protobundle.d.ts
Decision evidence
public snapshotAI called this Clean at 92.0% confidence as Benign with low false-positive risk.
Evidence for block
Evidence against
- package.json has no lifecycle scripts or bin; main is bundle.js only.
- bundle.js exports compiler/indexFileGenerator/jitCompiler/main/session APIs, not install-time code.
- Only external native require found is require("fs"), used by bundled protobuf loader readFileSync path handling.
- No child_process, shell execution, network client imports, or exfiltration endpoints found in source inspection.
- new Function appears in compiler/JIT paths for SQLAnvil user-authored JS/JIT code, aligned with package purpose and runtime-invoked.
- Protestware hint not supported by source: no Ukraine/Russia/geoip/destructive patterns found.
Behavioral surface
ChildProcessShell
HighEntropyStringsMinifiedObfuscatedProtestwareTrivialUrlStrings
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 Critical1 Medium3 Low
CriticalProtestware
MediumStructural Risk Force Deep Review
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings