AI Security Review
scanned 11d ago · by lpm-firewall-aiNo confirmed malicious attack surface. The package is a shared React dashboard UI that calls host-provided Testomniac API client hooks during user-driven UI actions.
Static reason
One or more suspicious static signals were detected.
Trigger
User renders components and explicitly uses dashboard forms/buttons.
Impact
Package-aligned credential/API key management and dashboard actions; no observed unconsented execution or exfiltration.
Mechanism
React UI invoking host-configured API hooks
Rationale
Static source inspection shows the scanner secret finding is UI code for legitimate credential management, not hidden harvesting or exfiltration. There are no consumer lifecycle hooks or suspicious execution primitives, and network behavior is delegated to a host-supplied API client/base URL.
Evidence
package.jsonREADME.mddist/index.jsdist/context/config.jsdist/components/credentials/CredentialManagementSection.js
Decision evidence
public snapshotAI called this Clean at 93.0% confidence as Benign with low false-positive risk.
Evidence for block
- Credential UI handles user-entered passwords/tokens, but only via explicit form actions and imported Testomniac client hooks.
- prepublishOnly runs clean/build before publish, not install for consumers.
Evidence against
- package.json has no install/postinstall hooks, bin, or native/binary entries; main is dist/index.js.
- dist/index.js only re-exports React contexts, hooks, components, pages, config, and utils.
- dist/context/config.js takes host-provided networkClient/token/apiUrl and does not define a hardcoded endpoint.
- dist/components/credentials/CredentialManagementSection.js sends credential data only on Add/Edit/Delete button handlers to host-configured Testomniac API hooks.
- No child_process, eval/Function, fs access, persistence, destructive operations, or AI-agent control-surface writes found.
- No executable shell/native/wasm files found in package.
Behavioral surface
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/components/credentials/CredentialManagementSection.jsView file
21patternName = generic_password
severity = medium
line = 21
matchedText = email_pa...rd',
Medium
Secret Pattern
Package contains a possible secret pattern.
dist/components/credentials/CredentialManagementSection.jsView on unpkg · L21dist/pages/StartScanPage.jsView file
11patternName = generic_password
severity = medium
line = 11
matchedText = email_pa...rd',
Medium
Secret Pattern
Hardcoded password in dist/pages/StartScanPage.js
dist/pages/StartScanPage.jsView on unpkg · L11Findings
2 Medium4 Low
MediumSecret Patterndist/components/credentials/CredentialManagementSection.js
MediumSecret Patterndist/pages/StartScanPage.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings