AI Security Review
scanned 8h ago · by lpm-firewall-aiNo confirmed malicious attack surface. The browser UI exposes capability-scoped preview and terminal functions only after runtime user interaction and relay setup.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
A user opens the Locus UI, supplies a capability, or explicitly registers/selects a preview target.
Impact
No unconsented install-time execution, persistence, credential harvesting, or fixed exfiltration endpoint was established.
Mechanism
Capability-scoped relay pipes, preview proxying, and user-operated terminal UI.
Rationale
This is a browser frontend for Locus preview and terminal capabilities, not an npm install-time payload. Its network-capable functions are relay- and user-input-driven, with no evidence of covert exfiltration, destructive behavior, or foreign control-surface mutation.
Evidence
package.jsondist/__locus/agent.jsdist/__locus/bootstrap.jsdist/sw.jsdist/assets/index-BOxJtL2j.js.mapdist/index.htmldist/preview.htmldist/assets/index-BOxJtL2j.jsdist/assets/html.worker-B3Ztmmz2.js
Decision evidence
public snapshotAI called this Clean at 94.0% confidence as Benign with low false-positive risk.
Evidence for block
- `dist/__locus/agent.js` tunnels preview WebSocket traffic and forwards page console/errors.
- `dist/assets/index-BOxJtL2j.js.map` exposes a user-driven terminal panel through `window.entangle.openTerminal`.
- Preview registration accepts user-entered local or external HTTP(S) targets, with documented daemon-side SSRF validation.
Evidence against
- `package.json` has no preinstall, install, postinstall, bin, or import entrypoint.
- Published files are browser assets only; no native executables or payload loaders were found.
- Package-owned sources contain no credential, cookie, environment, SSH, npmrc, or beacon harvesting.
- Dynamic imports in `dist/assets/index-BOxJtL2j.js` load bundled Monaco language modules only.
- The reported invisible-Unicode finding was not reproduced in `dist/assets/html.worker-B3Ztmmz2.js`.
Behavioral surface
ChildProcessFilesystemNetworkWebSocket
HighEntropyStringsMinifiedObfuscatedUrlStrings
NoLicense
Oversized source lightweight scan
dist/assets/index-BOxJtL2j.js4.08 MB file, sampled 256 KB
NetworkChildProcessObfuscatedHighEntropyStringsMinifiedUrlStringsreact.devwww.w3.org
dist/assets/ts.worker-0mEyHVru.js5.64 MB file, sampled 256 KB
FilesystemNetworkUrlStringswww.apache.org
Source & flagged code
2 flagged · loading sourcedist/assets/html.worker-B3Ztmmz2.jsView file
22contains invisible/control Unicode U+2060 (word joiner)
`,"nexist;":`∄`,"nexists;":`∄`,"Nfr;":`𝔑`,"nfr;":`𝔫`,"ngE;":`≧̸`,"nge;":`≱`,"ngeq;":`≱`,"ngeqq;":`≧̸`,"ngeqslant;":`⩾̸`,"nges;":`⩾̸`,"nGg;":`⋙̸`,"ngsim;":`≵`,"nGt;":`≫⃒`,"ngt;":`≯`,"ngtr;":`≯`,"nGtv;":`≫̸`,"nhArr;":`⇎`,"nharr;":`↮`,"nhpar;"
Critical
Trojan Source Unicode
Source contains bidi control or invisible Unicode characters associated with Trojan Source attacks.
dist/assets/html.worker-B3Ztmmz2.jsView on unpkg · L22dist/assets/index-BOxJtL2j.jsView file
•path = dist/assets/index-BOxJtL2j.js
kind = oversized_source_file
sizeBytes = 4282999
magicHex = [redacted]
High
Oversized Source File
Package contains source files above the static scanner size ceiling.
dist/assets/index-BOxJtL2j.jsView on unpkgFindings
1 Critical1 High2 Medium6 Low
CriticalTrojan Source Unicodedist/assets/html.worker-B3Ztmmz2.js
HighOversized Source Filedist/assets/index-BOxJtL2j.js
MediumNetwork
MediumStructural Risk Force Deep Review
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings
LowNo License